National Cyber Security Awareness Month (NCSAM) starts Monday, Oct. 2. It’s a joint effort between private industry and public agencies to help companies and individuals make better cybersecurity choices. Here’s a look at the current state of cybersecurity and what NCSAM has planned this year.

An Evolving Outlook on Cybersecurity

2017 has been a year of ups and downs. The good news? A Grant Thornton study found that federal chief information officers (CIOs) reported progress on both agile and cloud computing initiatives, although many still struggle with effective security implementation. Investment is also up, according to Forbes, with cybersecurity spending expected to reach $170 billion by 2020. Meanwhile, RiskIQ reported that the total number of phishing attacks fell in Q2 2017.

The bad news is that large-scale attacks are on the rise. Consider the U.S. Securities and Exchange Commission (SEC), whose EDGAR database was compromised last year. The agency recently discovered that stolen data may have been used for insider trading. And while the overall number of phishing attacks decreased, the RiskIQ report noted that more companies were targeted during Q1 than in Q2.

Listen to the podcast: We’re All In This Together — National Cyber Security Awareness Month

It’s also worth noting that human error is a top threat to cybersecurity. As the number and sophistication of phishing emails increases, employees are more likely to click on malicious links or respond to fraudulent messages supposedly from C-suite executives.

A Week-by-Week Breakdown of National Cyber Security Awareness Month

The goal of National Cyber Security Awareness Month is to highlight emerging security issues and guide both citizens and corporations to make better cybersecurity choices. Each week in October is assigned a theme to help focus cybersecurity efforts and develop new strategies.

  • Week One (Oct. 2–6): Simple Steps to Online Safety. This week is all about the basics: What companies and individuals can do to protect themselves online and respond to a cybersecurity incident. For example, solid security hygiene practices such as not reusing passwords and learning to spot phishing emails can help reduce potential risks.
  • Week Two (Oct. 9–13): Cybersecurity in the Workplace is Everyone’s Business. The second week of NCSAM targets the need for companywide ownership of cybersecurity best practices. Effective staff training, combined with resources and standards such as the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework, can help reduce the frequency and severity of malicious attacks.
  • Week Three (Oct. 16–20): Today’s Predictions for Tomorrow’s Internet. The evolution of smart homes, businesses and devices represents both opportunity and risk. This week is designed to showcase the critical role of sensitive, personal data in the smart device revolution and the need for secure storage, transmission and handling of this data.
  • Week Four (Oct. 23–27): The Internet Wants YOU: Consider a Career in Cybersecurity. As noted by Forbes, there’s an expected shortage of 2 million cybersecurity professionals by 2019. Week four of NCSAM aims to highlight ways that students can prepare for careers in cybersecurity, and how job seekers looking to switch careers can tap this growing market.
  • Week Five (Oct. 30–31): Protecting Critical Infrastructure from Security Threats. The last week in October runs right into Halloween and targets a scary security situation for companies: critical infrastructure compromise. With fraudsters now targeting utility and physical infrastructure providers by exploiting outdated SCADA and ICS systems, it’s essential to understand the link between cybersecurity and national infrastructure.

Looking to learn more? The U.S. Department of Homeland Security’s (DHS) Stop.Think.Connect. initiative aims to raise public cybersecurity awareness, while the National Institute for Cybersecurity Careers and Studies (NICCS) is rolling out new training and education resources to help advance government cybersecurity careers. The DHS also offers weekly tip cards to help individuals and organizations improve their overall security posture.

Creating a Long-Term Culture of Security

2017 has been an eventful year for cybersecurity. Even as citizens and companies increase their awareness, cybercriminals are leveraging both new avenues of compromise, such as Internet of Things (IoT)-based botnets, and more traditional attack methods, such as phishing campaigns, to breach enterprise networks and steal personal data. In addition, wearable and always-connected devices, combined with aging password culture, has created a new market for fraudsters — one that benefits from user assumptions of inherent privacy and protection.

Improving cybersecurity awareness is only the first step. The ultimate goal of National Cyber Ssecurity Awareness Month is to jump-start the conversation, give users essential skills to improve their basic online hygiene and drive more in-depth analysis of long-term cybersecurity efforts.

Think of it this way: Malicious actors commonly share information to develop new attack methods. Users and enterprises must be willing to do the same.

Listen to the podcast: We’re All In This Together — National Cyber Security Awareness Month

More from Risk Management

How TikTok is reframing cybersecurity efforts

4 min read - You might think of TikTok as the place to go to find out new recipes and laugh at silly videos. And as a cybersecurity professional, TikTok’s potential data security issues are also likely to come to mind. However, in recent years, TikTok has worked to promote cybersecurity through its channels and programs. To highlight its efforts, TikTok celebrated Cybersecurity Month by promoting its cybersecurity focus and sharing cybersecurity TikTok creators.Global Bug Bounty program with HackerOneDuring Cybersecurity Month, the social media…

Roundup: The top ransomware stories of 2024

2 min read - The year 2024 saw a marked increase in the competence, aggression and unpredictability of ransomware attackers. Nearly all the key numbers are up — more ransomware gangs, bigger targets and higher payouts. Malicious ransomware groups also focus on critical infrastructure and supply chains, raising the stakes for victims and increasing the motivation to cooperate.Here are the biggest ransomware stories of 2024.Ransomware payments reach record highRansomware payments surged to record highs in 2024. In the first half of the year, victims…

83% of organizations reported insider attacks in 2024

4 min read - According to Cybersecurity Insiders' recent 2024 Insider Threat Report, 83% of organizations reported at least one insider attack in the last year. Even more surprising than this statistic is that organizations that experienced 11-20 insider attacks saw an increase of five times the amount of attacks they did in 2023 — moving from just 4% to 21% in the last 12 months.With insider threats on the rise, it’s critical for businesses to recognize the real dangers that originate from inside…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today