October 9, 2017 By Lucie Hys

Thanks to the largest global ransomware attack in history and other high-profile data breaches, cybercrime has been in the media spotlight more than ever in 2017. Given the volatility and rapid expansion of the threat landscape, it is critical for companies to understand and reflect on their security practices. There is no better time to do so than in October, which has been observed as National Cyber Security Awareness Month (NCSAM) since 2004.

Seven Lessons From Week One of NCSAM

Last year during NCSAM, IBM Security helped raise awareness about cybersecurity with weekly tips for everyday users. This year, we will be providing somewhat more advanced tips for security professionals every week. Below are the first seven.

1. Know Where Your Risks Are

Do you know where your risks are, or are you among the 62 percent who don’t have enough information to evaluate cyber risks? Companies must shift from reactive efforts to a proactive approach to risk management. Make it a point to understand where your risks lie so you can better implement targeted processes to mitigate attacks. While frameworks are becoming the strategic tool of choice to assess risk, security products and services are still required to minimize threats.

Listen to the podcast: We’re All In This Together — National Cyber Security Awareness Month

2. Protect Your Internal Network

Did you know that company employees are responsible for 60 percent of all digital attacks endured by enterprises? Many of the most newsworthy breaches don’t come through the front door, but from internal weaknesses. That’s why it’s critical to protect your internal network as much as you would protect your ingress and egress points.

3. Don’t Just Hear — Listen

Most people never listen — they only hear. Make an effort to listen with the intent to understand, not to reply. As the Dalai Lama once said, “When you talk, you are only repeating what you already know. But if you listen, you may learn something new.”

4. Make Cybersecurity a Priority at Every Level in the Organization

According to Inc., 60 percent of small companies are unable to sustain their business within six months of a cyberattack. Given the fact that employees outpace fraudsters as a source of threats, cybersecurity should be an important matter at every level of the company, not just an IT issue. It’s time to start fostering a culture of cybersecurity within your organization.

5. Know Where and What Your Crown Jewels Are

Do you know your battlefield? Understand what and where the crown jewels in your organization are before developing a comprehensive strategy to protect them. Where is the data that, if exposed, could impact careers, business reputations and bottom lines?

6. Test and Rehearse Everything

How ready are you for a cyberattack? You can put your team and strategy to the test by visiting a cyber range such as the IBM X-Force Command Center. Running capture the flag exercises on a well-equipped cyber range can help organizations build security skills and identify gaps.


7. Don’t Use Outdated, Easy-to-Crack Hashes Such as MD5 or SHA-1

Don’t store user passwords in plain text, and don’t use outdated, easy-to-crack hashes like MD5 or SHA-1. BCrypt or scrypt are best to minimize the impact of a data leak.

Throughout NCSAM, you can share your own tips with us by tweeting @IBMSecurity with #CyberAwareTips, and don’t forget to check back next week for seven more tips!

Illustrations by Nathan Salla.
