October 27, 2023 By Jonathan Reed 3 min read

Since 2004, the White House and Congress have designated October National Cybersecurity Awareness Month. This year marks the 20th anniversary of this effort to raise awareness about the importance of cybersecurity and online safety.

How have cybersecurity and malware evolved over the last two decades? What types of threat management tools surfaced and when? The Cybersecurity Awareness Month themes over the years give us a clue.

2004 – 2009: Inaugural year and beyond

This early period emphasized general cybersecurity hygiene, such as using strong passwords, keeping software updated and being cautious about phishing attempts.

For example, in 2005, the National Cybersecurity Alliance emphasized:

  • Protecting personal information, especially when asked for personal data online
  • Using anti-virus software, a firewall and anti-spyware
  • Setting up operating systems and Web browser software properly with regular updates
  • The use of strong passwords or strong authentication technology
  • Backing up important files.

2009 – 2018: Our shared responsibility

In 2009, DHS Secretary Janet Napolitano inaugurated Cybersecurity Awareness Month at an event in Washington, D.C. At the time, Napolitano was the highest-ranking government official to participate in the campaign’s activities. This period emphasized cybersecurity as a shared responsibility involving individuals, businesses and governments.

2010: STOP. THINK. CONNECT. initiative begins

In 2010, the STOP. THINK. CONNECT. initiative was unveiled at that year’s Cybersecurity Awareness Month with a proclamation from President Barack Obama. Continuing to this day, the initiative addresses human behavior online, and for good reason. The most recent Verizon Data Breach Investigations Report reveals the human element continues to be a key driver of 74% of breaches, including social engineering hacks, errors and misuse.

2014: Call for built-in security

In 2014, a new emphasis was placed on building security into information technology products. That year, the National Cybersecurity Alliance stated that security is an essential element of software design, development, testing and maintenance. The goal back then was to engage with stakeholders and educate others about what to do and look for in products.

This theme resonates even more powerfully today, as seen in the current National Cybersecurity Strategy. The strategy proposes new measures and regulations aimed at encouraging secure development practices from software vendors.

2015 – 2019: The era of encryption

The 2015 IBM Cost of a Data Breach report was the first to provide a detailed breakdown of mitigating factors for data breach costs. And from 2015 to 2019, the top two factors held a five-year winning streak. The leading factors during those years were the formation of an incident response (IR) team followed by the extensive use of encryption.

2018: The birth of CISA

In 2018, President Donald Trump signed the Cybersecurity and Infrastructure Security Agency Act of 2018, which established the Cybersecurity and Infrastructure Security Agency (CISA). CISA assists both other government agencies and private sector organizations in addressing cybersecurity issues. CISA now spearheads Cybersecurity Awareness Month efforts, which were previously under the auspices of the National Cybersecurity Alliance.

2019 – 2022: Do Your Part. #BeCyberSmart

During this period, the Do Your Part. #BeCyberSmart campaign was launched. This theme encourages individuals and organizations to own their role in protecting their part of cyberspace, stressing personal accountability and the importance of taking proactive steps to enhance cybersecurity.

Over the last decade, ransomware has grown significantly as a security concern. The number of ransomware attacks has increased along with the damage associated with each incident. Security solutions that gained more traction during this period included strategies such as identity and access management (IAM), zero trust and AI-assisted cybersecurity.

2023 and beyond

This year, CISA challenges everyone to help ‘Secure our World’ by adopting four simple steps that everyone can take to stay safe online:

  • Use strong passwords (long, random and unique)
  • Turn on multifactor authentication on all accounts that offer it
  • Recognize and report phishing (“think before you click”)
  • Update software (enable automatic updates and patches).

“As cyber threats become more sophisticated, individuals and families, small and medium businesses and large companies all have an important role to play in keeping our digital world safe and secure,” said CISA Director Jen Easterly. “This Cybersecurity Awareness Month we are asking everyone to do their part to ‘Secure Our World’ by adopting key behaviors that promote online safety and security.”

More from CISO

Empowering cybersecurity leadership: Strategies for effective Board engagement

4 min read - With the increased regulation surrounding cyberattacks, more and more executives are seeing these attacks for what they are - serious threats to business operations, profitability and business survivability. But what about the Board of Directors? Are they getting all the information they need? Are they aware of your organization’s cybersecurity initiatives? Do they understand why those initiatives matter? Maybe not. According to Harvard Business Review, only 47% of board members regularly engage with their CISO. There appears to be a…

C-suite weighs in on generative AI and security

3 min read - Generative AI (GenAI) is poised to deliver significant benefits to enterprises and their ability to readily respond to and effectively defend against cyber threats. But AI that is not itself secured may introduce a whole new set of threats to businesses. Today IBM’s Institute for Business Value published “The CEO's guide to generative AI: Cybersecurity," part of a larger series providing guidance for senior leaders planning to adopt generative AI models and tools. The materials highlight key considerations for CEOs…

Bringing threat intelligence and adversary insights to the forefront: X-Force Research Hub

3 min read - Today defenders are dealing with both a threat landscape that’s constantly changing and attacks that have stood the test of time. Innovation and best practices co-exist in the criminal world, and one mustn’t distract us from the other. IBM X-Force is continuously observing new attack vectors and novel malware in the wild, as adversaries seek to evade detection innovations. But we also know that tried and true tactics — from phishing and exploiting known vulnerabilities to using compromised credentials and…

What’s new in the 2023 Cost of a Data Breach report

3 min read - Data breach costs continue to grow, according to new research, reaching a record-high global average of $4.45 million, representing a 15% increase over three years. Costs in the healthcare industry continued to top the charts, as the most expensive industry for the 13th year in a row. Yet as breach costs continue to climb, the research points to new opportunities for containing breach costs. The research, conducted independently by Ponemon Institute and analyzed and published by IBM Security, constitutes the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today