National Cyber Security Awareness Month (NCSAM) starts Monday, Oct. 2. It’s a joint effort between private industry and public agencies to help companies and individuals make better cybersecurity choices. Here’s a look at the current state of cybersecurity and what NCSAM has planned this year.

An Evolving Outlook on Cybersecurity

2017 has been a year of ups and downs. The good news? A Grant Thornton study found that federal chief information officers (CIOs) reported progress on both agile and cloud computing initiatives, although many still struggle with effective security implementation. Investment is also up, according to Forbes, with cybersecurity spending expected to reach $170 billion by 2020. Meanwhile, RiskIQ reported that the total number of phishing attacks fell in Q2 2017.

The bad news is that large-scale attacks are on the rise. Consider the U.S. Securities and Exchange Commission (SEC), whose EDGAR database was compromised last year. The agency recently discovered that stolen data may have been used for insider trading. And while the overall number of phishing attacks decreased, the RiskIQ report noted that more companies were targeted during Q1 than in Q2.

Listen to the podcast: We’re All In This Together — National Cyber Security Awareness Month

It’s also worth noting that human error is a top threat to cybersecurity. As the number and sophistication of phishing emails increase, employees are more likely to click on malicious links or respond to fraudulent messages supposedly from C-suite executives.

A Week-by-Week Breakdown of National Cyber Security Awareness Month

The goal of National Cyber Security Awareness Month is to highlight emerging security issues and guide both citizens and corporations to make better cybersecurity choices. Each week in October is assigned a theme to help focus cybersecurity efforts and develop new strategies.

  • Week One (Oct. 2–6): Simple Steps to Online Safety. This week is all about the basics: What companies and individuals can do to protect themselves online and respond to a cybersecurity incident. For example, solid security hygiene practices such as not reusing passwords and learning to spot phishing emails can help reduce potential risks.
  • Week Two (Oct. 9–13): Cybersecurity in the Workplace is Everyone’s Business. The second week of NCSAM targets the need for companywide ownership of cybersecurity best practices. Effective staff training, combined with resources and standards such as the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework, can help reduce the frequency and severity of malicious attacks.
  • Week Three (Oct. 16–20): Today’s Predictions for Tomorrow’s Internet. The evolution of smart homes, businesses and devices represents both opportunity and risk. This week is designed to showcase the critical role of sensitive, personal data in the smart device revolution and the need for secure storage, transmission and handling of this data.
  • Week Four (Oct. 23–27): The Internet Wants YOU: Consider a Career in Cybersecurity. As noted by Forbes, there’s an expected shortage of 2 million cybersecurity professionals by 2019. Week four of NCSAM aims to highlight ways that students can prepare for careers in cybersecurity, and how job seekers looking to switch careers can tap this growing market.
  • Week Five (Oct. 30–31): Protecting Critical Infrastructure from Security Threats. The last week in October runs right into Halloween and targets a scary security situation for companies: critical infrastructure compromise. With fraudsters now targeting utility and physical infrastructure providers by exploiting outdated SCADA and ICS systems, it’s essential to understand the link between cybersecurity and national infrastructure.

Looking to learn more? The U.S. Department of Homeland Security’s (DHS) Stop.Think.Connect. initiative aims to raise public cybersecurity awareness, while the National Institute for Cybersecurity Careers and Studies (NICCS) is rolling out new training and education resources to help advance government cybersecurity careers. The DHS also offers weekly tip cards to help individuals and organizations improve their overall security posture.

Creating a Long-Term Culture of Security

2017 has been an eventful year for cybersecurity. Even as citizens and companies increase their awareness, cybercriminals are leveraging both new avenues of compromise, such as Internet of Things (IoT)-based botnets, and more traditional attack methods, such as phishing campaigns, to breach enterprise networks and steal personal data. In addition, wearable and always-connected devices, combined with an aging password culture, have created a new market for fraudsters — one that benefits from user assumptions of inherent privacy and protection.

Improving cybersecurity awareness is only the first step. The ultimate goal of National Cyber Security Awareness Month is to jump-start the conversation, give users essential skills to improve their basic online hygiene and drive more in-depth analysis of long-term cybersecurity efforts.

Think of it this way: Malicious actors commonly share information to develop new attack methods. Users and enterprises must be willing to do the same.
