October 27, 2023 By Jonathan Reed 3 min read

Since 2004, the White House and Congress have designated October National Cybersecurity Awareness Month. This year marks the 20th anniversary of this effort to raise awareness about the importance of cybersecurity and online safety.

How have cybersecurity and malware evolved over the last two decades? What types of threat management tools surfaced and when? The Cybersecurity Awareness Month themes over the years give us a clue.

2004 – 2009: Inaugural year and beyond

This early period emphasized general cybersecurity hygiene, such as using strong passwords, keeping software updated and being cautious about phishing attempts.

For example, in 2005, the National Cybersecurity Alliance emphasized:

  • Protecting personal information, especially when asked for personal data online
  • Using anti-virus software, a firewall and anti-spyware
  • Setting up operating systems and Web browser software properly with regular updates
  • The use of strong passwords or strong authentication technology
  • Backing up important files.

2009 – 2018: Our shared responsibility

In 2009, DHS Secretary Janet Napolitano inaugurated Cybersecurity Awareness Month at an event in Washington, D.C. At the time, Napolitano was the highest-ranking government official to participate in the campaign’s activities. This period emphasized cybersecurity as a shared responsibility involving individuals, businesses and governments.

2010: STOP. THINK. CONNECT. initiative begins

In 2010, the STOP. THINK. CONNECT. initiative was unveiled at that year’s Cybersecurity Awareness Month with a proclamation from President Barack Obama. Continuing to this day, the initiative addresses human behavior online, and for good reason. The most recent Verizon Data Breach Investigations Report reveals that the human element continues to be a key driver in 74% of breaches, including social engineering hacks, errors and misuse.

2014: Call for built-in security

In 2014, a new emphasis was placed on building security into information technology products. That year, the National Cybersecurity Alliance stated that security is an essential element of software design, development, testing and maintenance. The goal back then was to engage with stakeholders and educate others about what to do and look for in products.

This theme resonates even more powerfully today, as seen in the current National Cybersecurity Strategy. The strategy proposes new measures and regulations aimed at encouraging secure development practices from software vendors.

2015 – 2019: The era of encryption

The 2015 IBM Cost of a Data Breach report was the first to provide a detailed breakdown of mitigating factors for data breach costs. And from 2015 to 2019, the top two factors held a five-year winning streak. The leading factors during those years were the formation of an incident response (IR) team followed by the extensive use of encryption.

2018: The birth of CISA

In 2018, President Donald Trump signed the Cybersecurity and Infrastructure Security Agency Act of 2018, which established the Cybersecurity and Infrastructure Security Agency (CISA). CISA assists both other government agencies and private sector organizations in addressing cybersecurity issues. CISA now spearheads Cybersecurity Awareness Month efforts, which were previously under the auspices of the National Cybersecurity Alliance.

2019 – 2022: Do Your Part. #BeCyberSmart

During this period, the Do Your Part. #BeCyberSmart campaign was launched. This theme encourages individuals and organizations to own their role in protecting their part of cyberspace, stressing personal accountability and the importance of taking proactive steps to enhance cybersecurity.

Over the last decade, ransomware has grown significantly as a security concern. The number of ransomware attacks has increased along with the damage associated with each incident. Security solutions that gained more traction during this period included strategies such as identity and access management (IAM), zero trust and AI-assisted cybersecurity.

2023 and beyond

This year, CISA challenges everyone to help ‘Secure Our World’ by adopting four simple steps that everyone can take to stay safe online:

  • Use strong passwords (long, random and unique)
  • Turn on multifactor authentication on all accounts that offer it
  • Recognize and report phishing (“think before you click”)
  • Update software (enable automatic updates and patches).

“As cyber threats become more sophisticated, individuals and families, small and medium businesses and large companies all have an important role to play in keeping our digital world safe and secure,” said CISA Director Jen Easterly. “This Cybersecurity Awareness Month we are asking everyone to do their part to ‘Secure Our World’ by adopting key behaviors that promote online safety and security.”
