National Cyber Security Awareness Month (NCSAM) starts Monday, Oct. 2. It’s a joint effort between private industry and public agencies to help companies and individuals make better cybersecurity choices. Here’s a look at the current state of cybersecurity and what NCSAM has planned this year.

An Evolving Outlook on Cybersecurity

2017 has been a year of ups and downs. The good news? A Grant Thornton study found that federal chief information officers (CIOs) reported progress on both agile and cloud computing initiatives, although many still struggle with effective security implementation. Investment is also up, according to Forbes, with cybersecurity spending expected to reach $170 billion by 2020. Meanwhile, RiskIQ reported that the total number of phishing attacks fell in Q2 2017.

The bad news is that large-scale attacks are on the rise. Consider the U.S. Securities and Exchange Commission (SEC), whose EDGAR database was compromised last year. The agency recently discovered that stolen data may have been used for insider trading. And while the overall number of phishing attacks decreased, the RiskIQ report noted that more companies were targeted during Q1 than in Q2.

Listen to the podcast: We’re All In This Together — National Cyber Security Awareness Month

It’s also worth noting that human error is a top threat to cybersecurity. As the number and sophistication of phishing emails increases, employees are more likely to click on malicious links or respond to fraudulent messages supposedly from C-suite executives.

A Week-by-Week Breakdown of National Cyber Security Awareness Month

The goal of National Cyber Security Awareness Month is to highlight emerging security issues and guide both citizens and corporations to make better cybersecurity choices. Each week in October is assigned a theme to help focus cybersecurity efforts and develop new strategies.

  • Week One (Oct. 2–6): Simple Steps to Online Safety. This week is all about the basics: What companies and individuals can do to protect themselves online and respond to a cybersecurity incident. For example, solid security hygiene practices such as not reusing passwords and learning to spot phishing emails can help reduce potential risks.
  • Week Two (Oct. 9–13): Cybersecurity in the Workplace is Everyone’s Business. The second week of NCSAM targets the need for companywide ownership of cybersecurity best practices. Effective staff training, combined with resources and standards such as the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework, can help reduce the frequency and severity of malicious attacks.
  • Week Three (Oct. 16–20): Today’s Predictions for Tomorrow’s Internet. The evolution of smart homes, businesses and devices represents both opportunity and risk. This week is designed to showcase the critical role of sensitive, personal data in the smart device revolution and the need for secure storage, transmission and handling of this data.
  • Week Four (Oct. 23–27): The Internet Wants YOU: Consider a Career in Cybersecurity. As noted by Forbes, there’s an expected shortage of 2 million cybersecurity professionals by 2019. Week four of NCSAM aims to highlight ways that students can prepare for careers in cybersecurity, and how job seekers looking to switch careers can tap this growing market.
  • Week Five (Oct. 30–31): Protecting Critical Infrastructure from Security Threats. The last week in October runs right into Halloween and targets a scary security situation for companies: critical infrastructure compromise. With fraudsters now targeting utility and physical infrastructure providers by exploiting outdated SCADA and ICS systems, it’s essential to understand the link between cybersecurity and national infrastructure.

Looking to learn more? The U.S. Department of Homeland Security’s (DHS) Stop.Think.Connect. initiative aims to raise public cybersecurity awareness, while the National Institute for Cybersecurity Careers and Studies (NICCS) is rolling out new training and education resources to help advance government cybersecurity careers. The DHS also offers weekly tip cards to help individuals and organizations improve their overall security posture.

Creating a Long-Term Culture of Security

2017 has been an eventful year for cybersecurity. Even as citizens and companies increase their awareness, cybercriminals are leveraging both new avenues of compromise, such as Internet of Things (IoT)-based botnets, and more traditional attack methods, such as phishing campaigns, to breach enterprise networks and steal personal data. In addition, wearable and always-connected devices, combined with aging password culture, has created a new market for fraudsters — one that benefits from user assumptions of inherent privacy and protection.

Improving cybersecurity awareness is only the first step. The ultimate goal of National Cyber Ssecurity Awareness Month is to jump-start the conversation, give users essential skills to improve their basic online hygiene and drive more in-depth analysis of long-term cybersecurity efforts.

Think of it this way: Malicious actors commonly share information to develop new attack methods. Users and enterprises must be willing to do the same.

Listen to the podcast: We’re All In This Together — National Cyber Security Awareness Month

More from Risk Management

What does resilience in the cyber world look like in 2025 and beyond?

6 min read -  Back in 2021, we ran a series called “A Journey in Organizational Resilience.” These issues of this series remain applicable today and, in many cases, are more important than ever, given the rapid changes of the last few years. But the term "resilience" can be difficult to define, and when we define it, we may limit its scope, missing the big picture.In the age of generative artificial intelligence (gen AI), the prevalence of breach data from infostealers and the near-constant…

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Protecting your digital assets from non-human identity attacks

4 min read - Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machines are now filling those gaps.The use of non-human identities (NHIs) to power business-critical applications — especially those used in cloud computing environments or when facilitating service-to-service connections — has opened the doors for seamless operational efficiency. Unfortunately, these doors aren’t the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today