October 1, 2018 By Douglas Bonderud 4 min read

Today marks the first day of National Cyber Security Awareness Month (NCSAM), a collaborative effort that began in 2004 as part of a joint campaign of the National Cyber Security Alliance and the U.S. Department of Homeland Security (DHS).

This year, NCSAM focuses on internet security as a shared responsibility among consumers, businesses and the cyber workforce. Let’s take a look back at the year in cybersecurity and preview what NCSAM 2018 has in store.

Looking Back on Cybersecurity in 2018

It’s been a year of transition for cybersecurity professionals and attackers alike. As noted by Forbes, cybersecurity spending in the U.S. could reach $66 billion by the end of 2018. Globally, that number will likely reach close to $100 billion by the end of the year. Total breaches are down from 2017, but attackers are changing tactics: Where servers and workstations once took priority, threat actors are now directly targeting mobile applications and users to breach networks and compromise data.

It’s also worth noting that the rate of cryptojacking scams increased by 141 percent in the past year, according to Trend Micro. And, just like in 2017, human error remains a top concern for companies: A recent CA Technologies survey found that 90 percent of organizations feel vulnerable to malicious or accidental insider attacks.

Listen to the podcast

National Cyber Security Awareness Month: Week by Week

NCSAM 2018 aims to “shine a spotlight on the critical need to build a strong, cyber secure workforce to help ensure families, communities, businesses and the country’s infrastructure are better protected.” The month is divided into four week-long themes, described in more detail below.

Week 1 (Oct. 1–5): Make Your Home a Haven for Online Safety

The first week’s theme addresses cybersecurity practices in the home. Parents and caregivers teach children how to safely cross the street and avoid strangers who might cause them harm, but digital safety is often seen as less pressing. The problem is that today’s children must navigate a digital world filled with streaming content, mobile devices and on-demand access.

According to Pew Research, 77 percent of Americans now own a smartphone, nearly 75 percent own a desktop or laptop computer, and around 50 percent own tablets. Including cybersecurity as part of mainstream education is critical to nurture the next generation of tech-savvy adults.

Week 2 (Oct. 8–12): Millions of Rewarding Jobs — Educating for a Career in Cybersecurity

The growing cybersecurity skills gap continues to challenge organizations, with 69 percent of businesses saying they’re under-resourced because they can’t find enough qualified IT staff to fill expanding security departments.

Week two of NCSAM focuses on “ways to motivate parents, teachers and counselors to learn more about the field and how to best inspire students and others to seek highly fulfilling cybersecurity careers.” To put it simply, demand exists and training is getting better; now it’s a matter of cultivating student interest.

Week 3 (Oct. 15–19): It’s Everyone’s Job to Ensure Online Safety at Work

As noted above, employees are a top cybersecurity risk for many organizations. According to Verizon’s “2018 Protected Health Information Data Breach Report (PHIDBR),” 58 percent of healthcare data loss incidents from 2016 to 2017 involved insiders. While many of these insider threats are accidental — users may inadvertently click on phishing links or access unsecured sites via personal devices on corporate networks — the results are no less damaging.

Week three aims to help users fuse cybersecurity across their work and personal lives and emphasizes the shared responsibility of employees to help manage risk and improve resilience.

Week 4 (Oct. 22–26): Safeguarding the Nation’s Critical Infrastructure

The last week of National Cyber Security Awareness Month will focus on protecting the country’s critical infrastructure, since disruptions to systems that provide power, water, health services or other crucial resources “can have significant and even catastrophic consequences for our nation.”

The increasing use of internet-facing industrial control system (ICSs) has already put many organizations at risk of malware and other cyberthreats. The final week of NCSAM will highlight the roles users can play in keeping infrastructure safe, leading the transition into November’s Critical Infrastructure Security and Resilience Month.

Even after October ends, NCSAM encourages companies and consumers to actively engage with cybersecurity topics by using tools available through the STOP. THINK. CONNECT. campaign or leveraging EDUCAUSE’s NCSAM Resource Kit, which includes planning guides, posters and international support links. To address the critical role of humans in cybersecurity, the National Cyber Security Alliance recommended using free employee training resources from partners such as ESET.

We’re All in This Together

This past year saw attackers taking advantage of the growing cybersecurity skills gap to infect devices with cryptojacking malware, spam users with macro-enabled phishing emails and hijack poorly protected Internet of Things (IoT) devices to create powerful botnets. NCSAM 2018 recognizes the critical need to encourage and train the next generation of security professionals by teaching them cyber skills early, demonstrating the value of information security jobs and shoring up the shared responsibility of cybersecurity in the workplace. Finally, NCSAM considers the evolving impact of national infrastructure attacks and how the public at large can help mitigate potential threats.

This year’s overarching cybersecurity theme is clear: We’re all in this together, and we can’t do it alone. Effective defense demands a team effort where employees, enterprises and end users alike recognize their shared role in reducing cybersecurity risks.

Listen to the podcast

More from CISO

Making smart cybersecurity spending decisions in 2025

4 min read - December is a month of numbers, from holiday countdowns to RSVPs for parties. But for business leaders, the most important numbers this month are the budget numbers for 2025. With cybersecurity a top focus for many businesses in 2025, it is likely to be a top-line item on many budgets heading into the New Year.Gartner expects that cybersecurity spending is expected to increase 15% in 2025, from $183.9 billion to $212 billion. Security services lead the way for the segment…

On holiday: Most important policies for reduced staff

4 min read - On Christmas Eve, 2023, the Ohio State Lottery had to shut down some of its systems because of a cyberattack. Around the same time, the Dark Web had a “Leaksmas” event, where cyber criminals shared stolen information for free as a holiday gift. In fact, the month of December 2023 saw more than 2 billion records breached and 1,351 disclosed security incidents, according to research from IT Governance — an increase of 332% and 187%, respectively, over the month of…

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today