Since 2004, the White House and Congress have designated October National Cybersecurity Awareness Month. This year marks the 20th anniversary of this effort to raise awareness about the importance of cybersecurity and online safety.
How have cybersecurity and malware evolved over the last two decades? What types of threat management tools surfaced and when? The Cybersecurity Awareness Month themes over the years give us a clue.
2004 – 2009: Inaugural year and beyond
This early period emphasized general cybersecurity hygiene, such as using strong passwords, keeping software updated and being cautious about phishing attempts.
For example, in 2005, the National Cybersecurity Alliance emphasized:
- Protecting personal information, especially when asked for personal data online
- Using anti-virus software, a firewall and anti-spyware
- Setting up operating systems and Web browser software properly with regular updates
- The use of strong passwords or strong authentication technology
- Backing up important files.
2009 – 2018: Our shared responsibility
In 2009, DHS Secretary Janet Napolitano inaugurated Cybersecurity Awareness Month at an event in Washington, D.C. At the time, Napolitano was the highest-ranking government official to participate in the campaign’s activities. This period emphasized cybersecurity as a shared responsibility involving individuals, businesses and governments.
2010: STOP. THINK. CONNECT. initiative begins
In 2010, the STOP. THINK. CONNECT. initiative was unveiled at that year’s Cybersecurity Awareness Month with a proclamation from President Barack Obama. Continuing to this day, the initiative addresses human behavior online, and for good reason. The most recent Verizon Data Breach Investigations Report reveals the human element continues to be a key driver of 74% of breaches, including social engineering hacks, errors and misuse.
2014: Call for built-in security
In 2014, a new emphasis was placed on building security into information technology products. That year, the National Cybersecurity Alliance stated that security is an essential element of software design, development, testing and maintenance. The goal back then was to engage with stakeholders and educate others about what to do and look for in products.
This theme resonates even more powerfully today, as seen in the current National Cybersecurity Strategy. The strategy proposes new measures and regulations aimed at encouraging secure development practices from software vendors.
2015 – 2019: The era of encryption
The 2015 IBM Cost of a Data Breach report was the first to provide a detailed breakdown of mitigating factors for data breach costs. And from 2015 to 2019, the top two factors held a five-year winning streak. The leading factors during those years were the formation of an incident response (IR) team followed by the extensive use of encryption.
2018: The birth of CISA
In 2018, President Donald Trump signed the Cybersecurity and Infrastructure Security Agency Act of 2018, which established the Cybersecurity and Infrastructure Security Agency (CISA). CISA assists both other government agencies and private sector organizations in addressing cybersecurity issues. CISA now spearheads Cybersecurity Awareness Month efforts, which were previously under the auspices of the National Cybersecurity Alliance.
2019 – 2022: Do Your Part. #BeCyberSmart
During this period, the Do Your Part. #BeCyberSmart campaign was launched. This theme encourages individuals and organizations to own their role in protecting their part of cyberspace, stressing personal accountability and the importance of taking proactive steps to enhance cybersecurity.
Over the last decade, ransomware has grown significantly as a security concern. The number of ransomware attacks has increased along with the damage associated with each incident. Security solutions that gained more traction during this period included strategies such as identity and access management (IAM), zero trust and AI-assisted cybersecurity.
2023 and beyond
This year, CISA challenges everyone to help ‘Secure Our World’ by adopting four simple steps that everyone can take to stay safe online:
- Use strong passwords (long, random and unique)
- Turn on multifactor authentication on all accounts that offer it
- Recognize and report phishing (“think before you click”)
- Update software (enable automatic updates and patches).
“As cyber threats become more sophisticated, individuals and families, small and medium businesses and large companies all have an important role to play in keeping our digital world safe and secure,” said CISA Director Jen Easterly. “This Cybersecurity Awareness Month we are asking everyone to do their part to ‘Secure Our World’ by adopting key behaviors that promote online safety and security.”