National Cyber Security Awareness Month (NCSAM) starts Monday, Oct. 2. It’s a joint effort between private industry and public agencies to help companies and individuals make better cybersecurity choices. Here’s a look at the current state of cybersecurity and what NCSAM has planned this year.

An Evolving Outlook on Cybersecurity

2017 has been a year of ups and downs. The good news? A Grant Thornton study found that federal chief information officers (CIOs) reported progress on both agile and cloud computing initiatives, although many still struggle with effective security implementation. Investment is also up, according to Forbes, with cybersecurity spending expected to reach $170 billion by 2020. Meanwhile, RiskIQ reported that the total number of phishing attacks fell in Q2 2017.

The bad news is that large-scale attacks are on the rise. Consider the U.S. Securities and Exchange Commission (SEC), whose EDGAR database was compromised last year. The agency recently discovered that stolen data may have been used for insider trading. And while the overall number of phishing attacks decreased, the RiskIQ report noted that more companies were targeted during Q1 than in Q2.

Listen to the podcast: We’re All In This Together — National Cyber Security Awareness Month

It’s also worth noting that human error is a top threat to cybersecurity. As the number and sophistication of phishing emails increases, employees are more likely to click on malicious links or respond to fraudulent messages supposedly from C-suite executives.

A Week-by-Week Breakdown of National Cyber Security Awareness Month

The goal of National Cyber Security Awareness Month is to highlight emerging security issues and guide both citizens and corporations to make better cybersecurity choices. Each week in October is assigned a theme to help focus cybersecurity efforts and develop new strategies.

  • Week One (Oct. 2–6): Simple Steps to Online Safety. This week is all about the basics: What companies and individuals can do to protect themselves online and respond to a cybersecurity incident. For example, solid security hygiene practices such as not reusing passwords and learning to spot phishing emails can help reduce potential risks.
  • Week Two (Oct. 9–13): Cybersecurity in the Workplace is Everyone’s Business. The second week of NCSAM targets the need for companywide ownership of cybersecurity best practices. Effective staff training, combined with resources and standards such as the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework, can help reduce the frequency and severity of malicious attacks.
  • Week Three (Oct. 16–20): Today’s Predictions for Tomorrow’s Internet. The evolution of smart homes, businesses and devices represents both opportunity and risk. This week is designed to showcase the critical role of sensitive, personal data in the smart device revolution and the need for secure storage, transmission and handling of this data.
  • Week Four (Oct. 23–27): The Internet Wants YOU: Consider a Career in Cybersecurity. As noted by Forbes, there’s an expected shortage of 2 million cybersecurity professionals by 2019. Week four of NCSAM aims to highlight ways that students can prepare for careers in cybersecurity, and how job seekers looking to switch careers can tap this growing market.
  • Week Five (Oct. 30–31): Protecting Critical Infrastructure from Security Threats. The last week in October runs right into Halloween and targets a scary security situation for companies: critical infrastructure compromise. With fraudsters now targeting utility and physical infrastructure providers by exploiting outdated SCADA and ICS systems, it’s essential to understand the link between cybersecurity and national infrastructure.

Looking to learn more? The U.S. Department of Homeland Security’s (DHS) Stop.Think.Connect. initiative aims to raise public cybersecurity awareness, while the National Institute for Cybersecurity Careers and Studies (NICCS) is rolling out new training and education resources to help advance government cybersecurity careers. The DHS also offers weekly tip cards to help individuals and organizations improve their overall security posture.

Creating a Long-Term Culture of Security

2017 has been an eventful year for cybersecurity. Even as citizens and companies increase their awareness, cybercriminals are leveraging both new avenues of compromise, such as Internet of Things (IoT)-based botnets, and more traditional attack methods, such as phishing campaigns, to breach enterprise networks and steal personal data. In addition, wearable and always-connected devices, combined with aging password culture, has created a new market for fraudsters — one that benefits from user assumptions of inherent privacy and protection.

Improving cybersecurity awareness is only the first step. The ultimate goal of National Cyber Ssecurity Awareness Month is to jump-start the conversation, give users essential skills to improve their basic online hygiene and drive more in-depth analysis of long-term cybersecurity efforts.

Think of it this way: Malicious actors commonly share information to develop new attack methods. Users and enterprises must be willing to do the same.

Listen to the podcast: We’re All In This Together — National Cyber Security Awareness Month

More from Risk Management

Protecting your digital assets from non-human identity attacks

4 min read - Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machines are now filling those gaps.The use of non-human identities (NHIs) to power business-critical applications — especially those used in cloud computing environments or when facilitating service-to-service connections — has opened the doors for seamless operational efficiency. Unfortunately, these doors aren’t the…

Cybersecurity dominates concerns among the C-suite, small businesses and the nation

4 min read - Once relegated to the fringes of business operations, cybersecurity has evolved into a front-and-center concern for organizations worldwide. What was once considered a technical issue managed by IT departments has become a boardroom topic of utmost importance. With the rise of sophisticated cyberattacks, the growing use of generative AI by threat actors and massive data breach costs, it is no longer a question of whether cybersecurity matters but how deeply it affects every facet of modern operations.The 2024 Allianz Risk…

Adversarial advantage: Using nation-state threat analysis to strengthen U.S. cybersecurity

4 min read - Nation-state adversaries are changing their approach, pivoting from data destruction to prioritizing stealth and espionage. According to the Microsoft 2023 Digital Defense Report, "nation-state attackers are increasing their investments and launching more sophisticated cyberattacks to evade detection and achieve strategic priorities."These actors pose a critical threat to United States infrastructure and protected data, and compromising either resource could put citizens at risk.Thankfully, there's an upside to these malicious efforts: information. By analyzing nation-state tactics, government agencies and private enterprises are…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today