Today marks the first day of National Cyber Security Awareness Month (NCSAM), a collaborative effort that began in 2004 as part of a joint campaign of the National Cyber Security Alliance and the U.S. Department of Homeland Security (DHS).

This year, NCSAM focuses on internet security as a shared responsibility among consumers, businesses and the cyber workforce. Let’s take a look back at the year in cybersecurity and preview what NCSAM 2018 has in store.

Looking Back on Cybersecurity in 2018

It’s been a year of transition for cybersecurity professionals and attackers alike. As noted by Forbes, cybersecurity spending in the U.S. could reach $66 billion by the end of 2018. Globally, that number will likely reach close to $100 billion by the end of the year. Total breaches are down from 2017, but attackers are changing tactics: Where servers and workstations once took priority, threat actors are now directly targeting mobile applications and users to breach networks and compromise data.

It’s also worth noting that the rate of cryptojacking scams increased by 141 percent in the past year, according to Trend Micro. And, just like in 2017, human error remains a top concern for companies: A recent CA Technologies survey found that 90 percent of organizations feel vulnerable to malicious or accidental insider attacks.

Listen to the podcast

National Cyber Security Awareness Month: Week by Week

NCSAM 2018 aims to “shine a spotlight on the critical need to build a strong, cyber secure workforce to help ensure families, communities, businesses and the country’s infrastructure are better protected.” The month is divided into four week-long themes, described in more detail below.

Week 1 (Oct. 1–5): Make Your Home a Haven for Online Safety

The first week’s theme addresses cybersecurity practices in the home. Parents and caregivers teach children how to safely cross the street and avoid strangers who might cause them harm, but digital safety is often seen as less pressing. The problem is that today’s children must navigate a digital world filled with streaming content, mobile devices and on-demand access.

According to Pew Research, 77 percent of Americans now own a smartphone, nearly 75 percent own a desktop or laptop computer, and around 50 percent own tablets. Including cybersecurity as part of mainstream education is critical to nurture the next generation of tech-savvy adults.

Week 2 (Oct. 8–12): Millions of Rewarding Jobs — Educating for a Career in Cybersecurity

The growing cybersecurity skills gap continues to challenge organizations, with 69 percent of businesses saying they’re under-resourced because they can’t find enough qualified IT staff to fill expanding security departments.

Week two of NCSAM focuses on “ways to motivate parents, teachers and counselors to learn more about the field and how to best inspire students and others to seek highly fulfilling cybersecurity careers.” To put it simply, demand exists and training is getting better; now it’s a matter of cultivating student interest.

Week 3 (Oct. 15–19): It’s Everyone’s Job to Ensure Online Safety at Work

As noted above, employees are a top cybersecurity risk for many organizations. According to Verizon’s “2018 Protected Health Information Data Breach Report (PHIDBR),” 58 percent of healthcare data loss incidents from 2016 to 2017 involved insiders. While many of these insider threats are accidental — users may inadvertently click on phishing links or access unsecured sites via personal devices on corporate networks — the results are no less damaging.

Week three aims to help users fuse cybersecurity across their work and personal lives and emphasizes the shared responsibility of employees to help manage risk and improve resilience.

Week 4 (Oct. 22–26): Safeguarding the Nation’s Critical Infrastructure

The last week of National Cyber Security Awareness Month will focus on protecting the country’s critical infrastructure, since disruptions to systems that provide power, water, health services or other crucial resources “can have significant and even catastrophic consequences for our nation.”

The increasing use of internet-facing industrial control system (ICSs) has already put many organizations at risk of malware and other cyberthreats. The final week of NCSAM will highlight the roles users can play in keeping infrastructure safe, leading the transition into November’s Critical Infrastructure Security and Resilience Month.

Even after October ends, NCSAM encourages companies and consumers to actively engage with cybersecurity topics by using tools available through the STOP. THINK. CONNECT. campaign or leveraging EDUCAUSE’s NCSAM Resource Kit, which includes planning guides, posters and international support links. To address the critical role of humans in cybersecurity, the National Cyber Security Alliance recommended using free employee training resources from partners such as ESET.

We’re All in This Together

This past year saw attackers taking advantage of the growing cybersecurity skills gap to infect devices with cryptojacking malware, spam users with macro-enabled phishing emails and hijack poorly protected Internet of Things (IoT) devices to create powerful botnets. NCSAM 2018 recognizes the critical need to encourage and train the next generation of security professionals by teaching them cyber skills early, demonstrating the value of information security jobs and shoring up the shared responsibility of cybersecurity in the workplace. Finally, NCSAM considers the evolving impact of national infrastructure attacks and how the public at large can help mitigate potential threats.

This year’s overarching cybersecurity theme is clear: We’re all in this together, and we can’t do it alone. Effective defense demands a team effort where employees, enterprises and end users alike recognize their shared role in reducing cybersecurity risks.

Listen to the podcast

More from CISO

CEO, CIO or CFO: Who Should Your CISO Report To?

As we move deeper into a digitally dependent future, the growing concern of data breaches and other cyber threats has led to the rise of the Chief Information Security Officer (CISO). This position is essential in almost every company that relies on digital information. They are responsible for developing and implementing strategies to harden the organization's defenses against cyberattacks. However, while many organizations don't question the value of a CISO, there should be more debate over who this important role…

Everyone Wants to Build a Cyber Range: Should You?

In the last few years, IBM X-Force has seen an unprecedented increase in requests to build cyber ranges. By cyber ranges, we mean facilities or online spaces that enable team training and exercises of cyberattack responses. Companies understand the need to drill their plans based on real-world conditions and using real tools, attacks and procedures. What’s driving this increased demand? The increase in remote and hybrid work models emerging from the COVID-19 pandemic has elevated the priority to collaborate and…

Why Quantum Computing Capabilities Are Creating Security Vulnerabilities Today

Quantum computing capabilities are already impacting your organization. While data encryption and operational disruption have long troubled Chief Information Security Officers (CISOs), the threat posed by emerging quantum computing capabilities is far more profound and immediate. Indeed, quantum computing poses an existential risk to the classical encryption protocols that enable virtually all digital transactions. Over the next several years, widespread data encryption mechanisms, such as public-key cryptography (PKC), could become vulnerable. Any classically encrypted communication could be wiretapped and is…

6 Roles That Can Easily Transition to a Cybersecurity Team

With the shortage of qualified tech professionals in the cybersecurity industry and increasing demand for trained experts, it can take time to find the right candidate with the necessary skill set. However, while searching for specific technical skill sets, many professionals in other industries may be an excellent fit for transitioning into a cybersecurity team. In fact, considering their unique, specialized skill sets, some roles are a better match than what is traditionally expected of a cybersecurity professional. This article…