October is Cybersecurity Awareness Month, and this year the focus is on the theme “Secure Our World.” The US Cybersecurity and Infrastructure Security Agency (CISA) has launched this theme as its new cybersecurity awareness program. The goal is to educate Americans on simple ways they can improve their cyber hygiene and protect themselves online.
CISA has outlined four main recommendations for individuals to enhance their cybersecurity. These include using strong passwords, activating multifactor authentication, recognizing and reporting phishing scams, and regularly updating software to ensure all security patches are installed. To provide assistance to businesses, CISA has also created a “Secure Your Business” web page and partnered with the National Cybersecurity Alliance (NCA) to develop a Partner Toolkit with resources such as a PDF guide, sample email, and cybersecurity presentation.
In addition to CISA’s efforts, the National Institute of Standards and Technology (NIST) is celebrating the 20th anniversary of Cybersecurity Awareness Month by sharing a timeline of the agency’s cybersecurity program. NIST will also be hosting events and workshops throughout the month, including a Block Cipher Modes of Operation workshop and Cybersecurity Career Week.
Reflecting on the past twenty years, Arvind Nithrakashyap, Co-Founder and CTO at Rubrik, highlights three significant changes in the security landscape. The mobile revolution, the rise of digital payments, and the emergence of artificial intelligence have all transformed the threat landscape. With billions of smartphones and Internet of Things devices connected to the internet, the potential for cyberattacks has multiplied. Similarly, the popularity of digital payments has opened new opportunities for scams and fraud. Meanwhile, the advancement of AI has provided cybercriminals with a powerful tool to execute attacks but has also become an effective weapon against hackers.
While there have been significant advancements, Nithrakashyap identifies three areas that have remained consistent over the years. Many companies still house critical data in their own private databases and servers despite the rise of cloud computing. Protecting on-premises data remains a key part of the security equation. The security of public infrastructure, such as energy systems and dams, has always been a concern and continues to be a priority. Additionally, security infrastructure involving networks, applications, endpoints, and the cloud remains crucial in maintaining a solid security strategy.
Despite the emphasis on cybersecurity awareness, James Hadley, CEO and Founder of Immersive Labs, argues that awareness alone is not enough to achieve true cyber resilience. Traditional training models and industry certifications have failed to make organizations safer, creating a false sense of security. Hadley advocates for continuous, measurable training across the entire workforce to ensure organizations have the knowledge and skills to respond to emerging threats. With a top-to-bottom cybersecurity education approach, organizations can move beyond awareness and ensure their data is secure.
James Lapalme, Vice President and GM for Identity at Entrust, agrees that cybersecurity awareness should be a year-round priority. Threat actors are constantly evolving, and business leaders need to remain nimble to manage risks effectively. Lapalme highlights the increasing use of spear phishing and social engineering attacks, which can slip by even knowledgeable employees. It is essential for organizations to evolve their technology response and adopt phishing-resistant identities, such as certificate-based authentication and risk-based adaptive step-up authentication.
Ultimately, cybersecurity awareness should not be a one-time exercise. The threat landscape is constantly changing, and organizations must continue to evolve their technology and strategies to protect their businesses against new threats. Cybersecurity requires a comprehensive approach that involves continuous training, strong authentication methods, and a culture that encourages reporting and learning from breaches. By prioritizing cybersecurity year-round, organizations can ensure the security of their data and improve their overall resilience against cyber threats.
