October was declared National Cybersecurity Awareness Month by the President of the United States and Congress in 2004 in order to raise awareness about the importance of cybersecurity and encourage collaboration between public and private sectors to prevent cyberattacks.
This year is the 20th anniversary of National Cybersecurity Awareness Month, and in recognition of this milestone, a new campaign, “Secure Our World,” is being celebrated to emphasize how individuals, families and small to medium-sized businesses can stay safe online by following four critical steps:
- Use strong passwords
- Turn on multi-factor authentication
- Recognize and report phishing
- Update software
Although it can be a daunting task, Cybersecurity Awareness Month serves as a reminder that there are a multitude of ways to keep your data protected, no matter the level of your digital skills.
Below is expert commentary from leaders in the industry highlighting the importance of cybersecurity prevention, planning and remediation.
Javed Hasan, CEO and co-founder, Lineaje
“The theme of the 20th anniversary of National Cybersecurity Awareness Month is ‘Secure Our World.’ CISA and the National Cybersecurity Alliance (NCA) are focusing on four key behaviors during the month: password management, multi-factor authentication, phishing awareness, and software updates.
It’s encouraging to see CISA and the NCA call out the importance of software when it comes to proper security hygiene — and it makes sense. On average, organizations use over 130 applications per day and the average American has over 80 apps on their phones. However, focusing on updating software alone is only the tip of the iceberg.
It takes significant effort to remediate vulnerabilities, so much so that software consumers would rather take the risk than fix the problem. The burden of creating and maintaining software has shifted too much to the right with customers bearing too much of the cost and effort.
In honor of National Cybersecurity Awareness Month, I would like to issue my own call to action for developers and security teams: focus on building better software and using a better, most robust software supply chain. We can’t expect the average individual to bear the brunt of the burden of defense. Organizations need to focus on buying secure software and doing a thorough assessment of previous software to ensure its integrity. Only then will we be able to live in a much more secure world.”
Gal Helemski, co-founder, CTO/CPO, PlainID
“Phishing remains the most common form of cybercrime, with an estimated 3.4 billion spam emails sent every day. All it takes is one click on a malicious URL by an unsuspecting employee and an organization may find its security infrastructure is compromised.
At this point, identity becomes everything. This is especially important if the employee in question has administrative credentials, as the cybercriminal now has the keys to your kingdom. What’s needed is for organizations to adopt a ‘Zero Trust’ approach. This means trusting no one, not even pre-authenticated users, to begin with – and revalidating the identity for access at every stage, based on context.
As organizations mark the 20th anniversary of National Cybersecurity Awareness Month, we find ourselves living in a time where the methods, technologies and tactics used by bad actors are changing rapidly and becoming harder to resolve. Zero Trust offers a rigorous, tried and tested approach to minimize the potential for a damaging security violation. Furthermore, investing in an identity-first approach must be a fundamental cornerstone of an organization’s cybersecurity defense.”
Richard Bird, chief security officer, Traceable AI
“October marks the commencement of Cybersecurity Awareness Month, a global initiative aimed at fostering a safer digital landscape. As we delve into the nuances of online safety, it’s crucial to recognize areas that often remain in the shadows, despite their growing significance. One such area is API security.
APIs, initially the unsung heroes of digital transformation, have transitioned from being mere facilitators to becoming the linchpins of modern business operations. They enable a myriad of functionalities, from seamless integration and data sharing to crafting enhanced user experiences. Their role in connecting disparate systems, bridging data silos, and enabling rapid innovation cannot be understated.
However, with this centralization comes a double-edged sword. The very features that make APIs invaluable – their openness, accessibility, and flexibility – also make them vulnerable. As businesses deploy more APIs to cater to diverse needs, the digital terrain they must safeguard grows exponentially. This isn’t just a theoretical expansion; it’s a tangible increase in the number of potential entry points for malicious actors.
While the National Cybersecurity Alliance provides invaluable insights on general online safety, the narrative often overlooks the intricate world of APIs. Given the data from Traceable’s Global State of API Security report, it’s evident that our collective cybersecurity awareness, particularly concerning API security, is not where it should be. The data underscores the urgency: 56% of organizations emphasize that the sheer volume of APIs makes it challenging to thwart attacks.
As we advocate for a safer digital world this October, let’s ensure that API security is at the forefront of our discussions. By elevating awareness, sharing insights, and fostering a culture of continuous learning, we can collectively pave the way for a more secure digital future.”
Kevin Cole, global director of product and technical marketing, Zerto, a Hewlett Packard Enterprise company
“Cybersecurity Awareness Month serves as an important reminder for all organizations to prioritize both proactive and reactive measures in their cybersecurity strategy. Research conducted by Enterprise Strategy Group (ESG) and co-sponsored by Zerto, found a majority of organizations (65%) view ransomware as a top threat to their business. Breaches can have a lasting impact on both consumers and businesses, so efforts to mitigate ransomware attacks, limit downtime, and ensure continuous availability are key.
As threats continue to evolve, organizations must implement wholistic cybersecurity strategies that prioritize both prevention and recovery. Attackers have proven they can breach fortified security structures, so companies need a plan in place for what to do once threat actors are in. Key to this is pairing real-time encryption detection with rapid recovery capabilities in order to radically limit data loss and downtime. For even more ironclad security, immutable data vaults that combine offline clean rooms with isolated recovery environments give companies the best chance of ensuring cyber resilience. No solution is a silver bullet, but the best approach is a robust defense-in-depth strategy that covers the full spectrum of detection, protection, response, and recovery.”
Joshua Aaron, CEO, Aiden Technologies
“This year marks the 20th anniversary of National Cybersecurity Awareness Month, which aims to educate people about the value of cybersecurity and encourage good cybersecurity practices among individuals, companies and organizations.
Twenty years in, Artificial Intelligence (AI) is changing the way that many organizations operate, especially when it comes to cybersecurity. Because AI is a developing technology and we’re still understanding its capabilities, many IT organizations have hesitated to fully deploy it. However, AI has come a long way since its first incarnations. It now has the potential to offer incredible assistance to IT security teams by helping them reduce the risk of business-critical infrastructure getting compromised via misconfigured software and devices, a core focus of CISA’s cybersecurity framework.
Traditionally, managing the configuration of software and computers is very manual, prone to human error, and slow to execute, especially for overworked IT security teams. The increased use of AI and automation in cyberattacks from misconfigured environments and their improving success rates are proof that traditional methods aren’t working, and we must innovate.
AI and automation solutions for keeping computers up to date and in compliance with an organization’s security policy have proven to be extremely effective. IT security teams are able to automatically maintain good cyber hygiene, thus freeing them up to concentrate on higher-visibility, more rewarding projects without fear of the next attack.
In honor of National Cybersecurity Awareness Month, I encourage all organizations to look into how AI can help keep their critical infrastructure more secure and their data safe from threat actors; the SAFETY of our country and our commerce depends on it.”
Chris Denbigh-White, chief security officer, Next DLP
“For CISOs, preparing an organization to be cyber-vigilant is no easy feat; there are a myriad of considerations for any business serious about protecting their assets. That said, these considerations can be split into two separate — and both vitally important — buckets: business engagement and tech investment.
Educating employees at the point of risk is a powerful strategy to help build knowledge and awareness to identify and act on cyber threats effectively. From simulated phishing exercises and role-based training, creating a human firewall can fortify an organization’s defense without falling into the trap of scapegoating users.
However, this doesn’t really work without properly engaging employees; whether that’s gamifying the training or incentivizing cyber champions in your organization, cybersecurity has to be the core of your company’s culture. And not just in October.
What’s more, CISOs need the right advanced security technologies — including threat detection, behavior analytics and data loss prevention — to enhance their organization’s security posture.
This combination of organizational buy-in and employee empowerment, coupled with the investment in technology, has to be a backbone of any successful cybersecurity program. This month is a valuable time to remind CISOs of the importance of these programs.”
Samantha Humphries, senior director, international marketing and security strategy, Exabeam
“Cybersecurity is so much more than a simple ‘tick box’ exercise for companies. When done right, it can be a transformative business enabler for an organization. Not only can effective cybersecurity measures properly protect an organization’s digital assets, but they can also provide a significant competitive advantage by ensuring business continuity, providing cost savings, and facilitating innovation and digital transformation. An organization’s security environment is also tightly interwoven with regulatory compliance, which in many regions and sectors places stringent requirements on data protection. Businesses need to ensure they adhere to these rules if they wish to avoid fines, legal consequences, and damage to reputation.
Supply chain threats are a prime example, as they are often a much easier route for cybercriminals to penetrate or circumnavigate defenses. Whilst the devil is in the contractual detail, realistically security leaders must play a part in due diligence discussions around supplier risk, but also implement processes and monitoring to ensure they can detect and respond to supply chain attacks. This is ultimately part of the cost of doing business and should be seen as a business enabler, as well as a key focus from a risk and compliance perspective.
Ultimately though, too many organizations still see cybersecurity as everyone’s responsibility. While security awareness across the organization is important, a better approach is for security teams to take the time to understand the different roles, motivations, responsibilities, and business requirements of the people in their organizations. This will allow them to provide security that protects people on an individual basis without impeding their day-to-day activities. Yes, people need to be aware of risks on the internet, but it’s not their job to be security professionals. Once we better understand the employees, we can better tailor security controls, processes, and training to meet their needs.”