National Cyber Security Awareness Month (NCSAM) starts Monday, Oct. 2. It’s a joint effort between private industry and public agencies to help companies and individuals make better cybersecurity choices. Here’s a look at the current state of cybersecurity and what NCSAM has planned this year.

An Evolving Outlook on Cybersecurity

2017 has been a year of ups and downs. The good news? A Grant Thornton study found that federal chief information officers (CIOs) reported progress on both agile and cloud computing initiatives, although many still struggle with effective security implementation. Investment is also up, according to Forbes, with cybersecurity spending expected to reach $170 billion by 2020. Meanwhile, RiskIQ reported that the total number of phishing attacks fell in Q2 2017.

The bad news is that large-scale attacks are on the rise. Consider the U.S. Securities and Exchange Commission (SEC), whose EDGAR database was compromised last year. The agency recently discovered that stolen data may have been used for insider trading. And while the overall number of phishing attacks decreased, the RiskIQ report noted that more companies were targeted during Q1 than in Q2.

Listen to the podcast: We’re All In This Together — National Cyber Security Awareness Month

It’s also worth noting that human error is a top threat to cybersecurity. As the number and sophistication of phishing emails increases, employees are more likely to click on malicious links or respond to fraudulent messages supposedly from C-suite executives.

A Week-by-Week Breakdown of National Cyber Security Awareness Month

The goal of National Cyber Security Awareness Month is to highlight emerging security issues and guide both citizens and corporations to make better cybersecurity choices. Each week in October is assigned a theme to help focus cybersecurity efforts and develop new strategies.

  • Week One (Oct. 2–6): Simple Steps to Online Safety. This week is all about the basics: What companies and individuals can do to protect themselves online and respond to a cybersecurity incident. For example, solid security hygiene practices such as not reusing passwords and learning to spot phishing emails can help reduce potential risks.
  • Week Two (Oct. 9–13): Cybersecurity in the Workplace is Everyone’s Business. The second week of NCSAM targets the need for companywide ownership of cybersecurity best practices. Effective staff training, combined with resources and standards such as the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework, can help reduce the frequency and severity of malicious attacks.
  • Week Three (Oct. 16–20): Today’s Predictions for Tomorrow’s Internet. The evolution of smart homes, businesses and devices represents both opportunity and risk. This week is designed to showcase the critical role of sensitive, personal data in the smart device revolution and the need for secure storage, transmission and handling of this data.
  • Week Four (Oct. 23–27): The Internet Wants YOU: Consider a Career in Cybersecurity. As noted by Forbes, there’s an expected shortage of 2 million cybersecurity professionals by 2019. Week four of NCSAM aims to highlight ways that students can prepare for careers in cybersecurity, and how job seekers looking to switch careers can tap this growing market.
  • Week Five (Oct. 30–31): Protecting Critical Infrastructure from Security Threats. The last week in October runs right into Halloween and targets a scary security situation for companies: critical infrastructure compromise. With fraudsters now targeting utility and physical infrastructure providers by exploiting outdated SCADA and ICS systems, it’s essential to understand the link between cybersecurity and national infrastructure.

Looking to learn more? The U.S. Department of Homeland Security’s (DHS) Stop.Think.Connect. initiative aims to raise public cybersecurity awareness, while the National Institute for Cybersecurity Careers and Studies (NICCS) is rolling out new training and education resources to help advance government cybersecurity careers. The DHS also offers weekly tip cards to help individuals and organizations improve their overall security posture.

Creating a Long-Term Culture of Security

2017 has been an eventful year for cybersecurity. Even as citizens and companies increase their awareness, cybercriminals are leveraging both new avenues of compromise, such as Internet of Things (IoT)-based botnets, and more traditional attack methods, such as phishing campaigns, to breach enterprise networks and steal personal data. In addition, wearable and always-connected devices, combined with aging password culture, has created a new market for fraudsters — one that benefits from user assumptions of inherent privacy and protection.

Improving cybersecurity awareness is only the first step. The ultimate goal of National Cyber Ssecurity Awareness Month is to jump-start the conversation, give users essential skills to improve their basic online hygiene and drive more in-depth analysis of long-term cybersecurity efforts.

Think of it this way: Malicious actors commonly share information to develop new attack methods. Users and enterprises must be willing to do the same.

Listen to the podcast: We’re All In This Together — National Cyber Security Awareness Month

More from Risk Management

What’s behind unchecked CVE proliferation, and what to do about it

4 min read - The volume of Common Vulnerabilities and Exposures (CVEs) has reached staggering levels, placing immense pressure on organizations' cyber defenses. According to SecurityScorecard, there were 29,000 vulnerabilities recorded in 2023, and by mid-2024, nearly 27,500 had already been identified.Meanwhile, Coalition's 2024 Cyber Threat Index forecasts that the total number of CVEs for 2024 will hit 34,888—a 25% increase compared to the previous year. This upward trend presents a significant challenge for organizations trying to manage vulnerabilities and mitigate potential exploits.What’s behind…

Addressing growing concerns about cybersecurity in manufacturing

4 min read - Manufacturing has become increasingly reliant on modern technology, including industrial control systems (ICS), Internet of Things (IoT) devices and operational technology (OT). While these innovations boost productivity and streamline operations, they’ve vastly expanded the cyberattack surface.According to the 2024 IBM Cost of a Data Breach report, the average total cost of a data breach in the industrial sector was $5.56 million. This reflects an 18% increase for the sector compared to 2023.Apparently, the data being stored in industrial control systems is…

Cybersecurity Awareness Month: Horror stories

4 min read - When it comes to cybersecurity, the question is when, not if, an organization will suffer a cyber incident. Even the most sophisticated security tools can’t withstand the biggest threat: human behavior.October is Cybersecurity Awareness Month, the time of year when we celebrate all things scary. So it seemed appropriate to ask cybersecurity professionals to share some of their most memorable and haunting cyber incidents. (Names and companies are anonymous to avoid any negative impact. Suffering a cyber incident is bad…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today