Cybersecurity Awareness Month, established in 2004 by the U.S. government, aims to enhance global awareness about the importance of cybersecurity. This effort has grown into a worldwide partnership between governments, industries, and communities, promoting daily actions to reduce online risks. The initiative’s enduring theme, “Secure Our World,” highlights four key practices: recognizing phishing attempts, using strong passwords, enabling multi-factor authentication (MFA), and updating software.
While Cybersecurity Awareness Month takes place annually in October, these actions and many more are vital year-round because cybersecurity is a global issue that requires collaboration and vigilance from everyone, everywhere, all the time.
Several executives speak on this critical topic:
Don Boxley, CEO and Co-Founder, DH2i (https://dh2i.com/):
“While virtually every organization is aware of cyber threats all year long, Cybersecurity Awareness Month serves as a great reminder of the increasing sophistication and frequency of attacks. Despite cybersecurity being a top priority for businesses around the world, many still overlook the huge risk imposed by something as simple as outdated technology. For example, virtual private networks (VPNs) were originally designed over two decades ago for a more simplistic era of networking and security. In today’s complex hybrid and multi-cloud world, they represent a significant vulnerability due to their inherent weaknesses – such as excessive trust, reliance on physical infrastructure, and lack of granular access control. In other words, a single compromised VPN can provide an attacker with unlimited lateral attack surface to gain access to a company’s entire network – including its most sensitive data.
“To safeguard against evolving threats, modernization is the key. In the case of upgrading from VPNs, software-defined perimeter (SDP) solutions should be at the top of the priority list. SDP integrates concepts like Zero Trust Network Access (ZTNA) connections to enforce a strategy of least privilege, meaning users and devices can only access the data for which they are specifically authorized. SDP also allows for application-level connectivity which minimizes attack surface and limits lateral movement within the network, further eliminating the risk of large-scale breaches. A select few SDP solutions will even increase your network throughput, benefiting your company as a significant security and performance enhancement.
“So, as you think about how you want to commemorate Cybersecurity Awareness Month this year, may I offer that the most conscientious and diligent way to do so is to simply conduct a review of your IT infrastructure and then initiate a refresh of any dangerously obsolete technology.”
DeeDee Kato, Vice President of Marketing, Foxit (https://www.foxit.com/):
“How often in your business life (or your personal one, for that matter) do you use a PDF to store, share, and/or protect the integrity of information – whether it’s a contract, financial document, or medical record? Did you have to give it some thought? That is likely because PDFs have become so very ubiquitous in our lives – with the majority holding valuable and/or sensitive information whose security is paramount. Therefore, this year, during Cybersecurity Awareness Month, I urge you to take a proactive approach to protecting these documents from unauthorized access and malicious intent.
“Let’s start with the basics. To protect your PDFs you need several common sense security features such as password protection, encryption, and digital signatures to ensure only authorized users can view or edit documents. But you cannot stop there. The ideal PDF solution must also provide advanced redaction tools to permanently remove sensitive information; as well as integrate openly with security solutions to detect, protect, and mitigate malware. And if you really want to sleep at night (and help your C-suite, legal, and compliance departments, too), your PDF solution must support compliance with data privacy and other prevailing industry regulations. In other words, with the right PDF protection in place, you can safeguard your documents, protect your business, and ultimately keep your bottom line secure.”
Larry O’Connor, Founder and CEO, Other World Computing (OWC) (https://www.owc.com/):
“Cybersecurity Awareness Month is a great time to be reminded that data security is not just one person’s or organization’s responsibility – it must be a collective effort. Likewise, your data’s security cannot be reliant on just one technology serving as protection – a multi-layered defense is the best (and perhaps only) way to ensure success.
“Certainly, data storage must play a critical role in this strategy. This means we must choose our solutions wisely. And when we are considering scalability, availability, performance, and/or price, equal consideration should be paid to protection and security. After all, data storage is about more than just keeping files… It’s about safeguarding what matters to you most – from business records to intellectual property to sensitive employee and/or customer information, all the way to our most precious personal memories. Data is more than just zeros and ones; it’s the digital embodiment of our stories, innovations, and the foundation of our future.”
Karl Holmqvist, Founder and CEO, Lastwall:
“We stand at a pivotal moment in cybersecurity, where we must confront a pressing question: ‘Are we genuinely doing enough to secure our world?’
“As the digital landscape evolves with unprecedented speed, companies are uniquely positioned to lead by crafting and deploying robust, accessible solutions. It is time to move beyond the minimum thresholds of compliance and push for fortified defenses that truly make a difference. By embracing innovative pricing models, the industry can democratize access to high-quality protective measures, ensuring that organizations of all sizes can step up their security game. The priority must be to safeguard our society.
“With the advent of post-quantum computing on the horizon, the stakes have never been higher. The protection of sensitive information and critical infrastructure demands a renewed and unwavering commitment. To build a safer future, the cybersecurity community must unite, fostering collaboration and a proactive stance against emerging threats. When we view cybersecurity as a shared duty—to protect society—we lay the foundation for real, meaningful progress. This collective resolve will be our strongest defense in navigating the challenges ahead.”
Bruno Kurtic, Co-founder, President, & CEO, Bedrock Security:
“The 21st Cybersecurity Awareness Month’s theme ‘Secure Our World’ is a stark reminder of our shared responsibility in securing the digital landscape. Data breaches continue to escalate, with the average data breach costing $4.88 million—the highest cost ever recorded—and the number of data compromises rising to 1,571 in the first half of 2024, up 14% from 2023.
“The scale and speed of these breaches underscore a critical truth: each organization must take full accountability for the sensitive data they handle. A key first step is ensuring full visibility into where critical information resides and who has access to it. Without this, gaps and vulnerabilities, and thus breaches, multiply.
“And adapting to new challenges from modern use cases such as GenAI is essential. To prevent sensitive data leaks in GenAI LLM models, it’s crucial to understand the data, the business context, and control what data is used before it is used for GenAI training. Strong data governance and access controls enable the speed required for innovation without compromising security.
“Modern enterprises understand that cybersecurity is not just the responsibility of IT teams—it’s a shared duty across the entire organization. By embracing this mindset, we can collectively secure our world.”
Scott Kannry, Co-founder and CEO, Axio:
“As we observe the 21st Cybersecurity Awareness Month, it’s essential to focus not only on raising awareness but also on taking concrete actions to reduce cyber risks. While increased engagement from the C-suite and boards is a positive step, many organizations still face challenges in turning this awareness into coordinated and effective action.
“To truly ‘Secure Our World,’ organizations must move beyond just identifying cyber risks and concentrate on actionable strategies to mitigate them. This means fostering better communication among stakeholders, aligning on priorities that matter most to the business, and making decisions that focus on minimizing the potential impact of cyber incidents. As recent events like CrowdStrike have shown, even well-defended companies can be significantly affected, sometimes due to accidents. Thus, it is imperative to understand the ramifications of a successful attack (or accidental event) to effectively minimize business impact. Cyber Risk Quantification (CRQ) can be a powerful tool in this effort, but only when it is used to drive business decisions rather than just measure risk. Aligning stakeholders on CRQ can help bridge the communication gap and create a unified approach to cybersecurity.
“As cybersecurity threats evolve, so must our approach. Organizations that involve a broad range of voices and focus on practical outcomes will build more resilience and secure environments for everyone. This month serves as a reminder that securing our world is an ongoing effort that requires collaboration, clear strategies, and a commitment to continuous improvement.”
Shawn Waldman, CEO and Founder, Secure Cyber:
“Cybersecurity Awareness Month is ineffective. I know I might be in the minority, but as a nation, sometimes we do the same things over and over again without achieving different results—or sometimes, any result at all. I like the idea of Cybersecurity Awareness Month from an awareness perspective, but we need to do more.
“Cybersecurity is national security—let’s start there. Cybersecurity Awareness Month is focused on four things: recognizing and reporting phishing, using strong passwords, turning on MFA, and updating software. These are all high-level and essential tasks for basic security. However, what’s missing are step-by-step videos and documentation that guide the average citizen through these processes for some of the most critical apps in use today. A prime example (pun intended) is Amazon! It is likely one of the most widely used applications in most countries, possibly worldwide. Why not use this campaign to walk people through how to secure their accounts?
“Lastly, we must educate the public on how fragile our critical infrastructure is and how they can protect themselves. This isn’t fear-mongering; it’s about simple awareness and utilizing sites like ready.gov to learn how to begin the preparation process.”
Irfan Shakeel, VP Training & Certification Services, OPSWAT:
“To ‘Secure Our World,’ protecting critical infrastructure must be a top priority, requiring proactive strategies to safeguard our society’s critical systems and sensitive data. This effort must go beyond raising awareness and demand targeted cybersecurity measures vital for national security. In sectors we all rely on, such as energy, transportation, and healthcare, organizations should focus on real-world attack vectors, like SCADA system manipulation, to better understand the risks we face and enhance preparedness.
“Regular tabletop exercises simulating OT/IT breaches, strict enforcement of multi-factor authentication (MFA) and network segmentation, and active leadership in fostering a security-first culture are essential steps for readiness and resilience. These foundational measures must be continuously reinforced to maintain vigilance across the organization.
“Cybersecurity should also be embedded throughout the product development lifecycle, starting with secure coding practices and early threat modeling. Regular security reviews, vulnerability assessments, and the use of static and dynamic analysis tools ensure security is integrated from the start, reducing post-deployment risks. By embedding cybersecurity into each phase, organizations minimize vulnerabilities and strengthen overall security postures.”
Travis Howerton, CEO and Co-founder, RegScale:
“In today’s landscape of growing regulatory demands and cybersecurity threats, organizations must adopt effective strategies to manage risk and ensure compliance. During Cybersecurity Awareness Month, it is crucial to focus on best practices for automating risk and compliance to enhance your organization’s cybersecurity framework:
- Implement Continuous Monitoring: Automation remains the key to continuously monitor systems for vulnerabilities, misconfigurations, and compliance gaps. By proactively identifying risks before they escalate, organizations can maintain real-time security and minimize potential threats.
- Automate Security Audits and Reports: Automating routine security checks and the generation of audit reports is critical for streamlining compliance. Regular automated assessments help organizations stay aligned with industry standards and regulatory requirements, reducing the need for costly manual efforts.
- Integrate Risk Management into DevOps: Embedding security and compliance checks within the DevOps pipeline ensures that vulnerabilities are identified and addressed early, reducing risks and preventing non-compliant code from reaching production.
“By adopting these practices, organizations can reduce human error, improve operational efficiency, and maintain ongoing compliance with industry regulations while safeguarding their digital assets. Embracing automation in risk and compliance management is essential to ‘Secure Our World’ and stay ahead of evolving cyber threats.”
Dale Hoak, Director of Information Security, RegScale:
“As we observe Cybersecurity Awareness Month, it’s essential to rethink how organizations approach compliance to enhance digital security. To truly ‘Secure Our World,’ organizations must adopt a dynamic approach to Governance, Risk, and Compliance (GRC) that evolves with the changing landscape of security threats and regulatory demands. Traditional GRC methods often struggle to keep up with today’s fast-paced threat environment. The future of GRC lies in Dynamic Operational Control Management, which integrates Continuous Control Monitoring (CCM) with automation, AI, and real-time analytics to ensure robust security.
“Compliance should be an outcome of effective security practices, not a mere checkbox exercise. By leveraging existing tools to continuously monitor and automatically collect both technical and non-technical evidence, organizations can create a real-time, unified view of their cybersecurity posture. This proactive approach aligns compliance with strong security practices, reducing the need for separate, burdensome compliance efforts.
“As cyber threats grow more complex, optimizing workflows and automating incident response is crucial. Automated systems can deploy patches or alert teams for manual intervention when a vulnerability is detected, followed by validation and resolution. This not only strengthens security management but also streamlines audits and compliance reviews, making it easier for organizations to meet regulatory requirements.”
Kris Lahiri, Co-Founder and Chief Security Officer of Egnyte:
“I believe in a focused approach to cybersecurity that prioritizes best practices over trying to implement too many strategies at once. The effectiveness of security protocols relies on commitment and rigor. Below are key practices to enhance an organization’s cybersecurity posture:
- Foster a culture of cybersecurity awareness with an emphasis on employee training and education on the latest threats, phishing attacks, safe online practices, and phishing simulations.
- Implement strong identity management with multi-factor authentication and network segmentation.
- Adopt a Zero Trust architecture to continuously identify verification and access privileges to sensitive data and employ micro-segmentation techniques to reduce the attack surface and limit the potential impact of a breach.
- Enhance data encryption and encrypt all sensitive data at rest and in transit.
- Conduct regular risk assessments to check systems for potential vulnerabilities.
- Invest in advanced threat detection systems that adopt a comprehensive approach to monitor for suspicious activity and potential threats.
- Develop an incident response plan with clear protocols and designated roles. Regular internal and external drills help identify and address potential vulnerabilities before they can be exploited.”
Neil Jones, CISSP – Director of Cybersecurity Evangelism at Egnyte:
“In the past, Cybersecurity Awareness Month was laser-focused on cyber-preparedness. However, as attacks have evolved and cyber-attackers have gained access to an ever-deeper well of resources in the $8 trillion per year cybercrime industry, no organization can consider itself ‘too prepared’ for potential attacks. As a result, you need to incorporate Incident Response and Recovery awareness into your cyber-defense repertoire.
“Cost-effective ways to increase awareness and overall impact of your organization’s Incident Response program include the following:
- Developing a flexible, written plan and always keeping it up-to-date.
- Dedicating a single team to manage incident detection and response.
- Conducting simulated tabletop exercises prior to live incidents, so you can refine and improve your gameplan.
- Creating streamlined processes to notify and update your employees, business partners, and customers about potential attacks, preventing misinformation from being shared via social media and customer feedback sites.
- Incorporating processes for engaging your company’s high-level executives, legal team, outside counsel, public relations group, and cyberinsurance provider.
- Performing post-incident evaluation to prevent issues from occurring again and to learn from past mistakes.
“The recommendations outlined above are meant to supplement the proactive steps you’re already taking to prevent potential attacks and maintain your users’ productivity.”
Jason Lohrey, Founder and CEO, Arcitecta:
“National Cybersecurity Awareness Month is a reminder that as data environments reach hundreds of petabytes and hundreds of billions of files, protecting data will become an increasingly difficult and complex challenge. IT leaders are shifting their focus from backup to recovery as organizations need complete and immediate data recovery with no downtime or, at most, only milliseconds of downtime to prevent criminals from holding a business and its data hostage for days, weeks, or more. New approaches such as continuous data availability represent game-changing levels of protection that actively record every significant change in real-time for every file so a user can go back to any point in time to retrieve data – quickly and without the assistance of IT. Organizations will increasingly leverage continuous data availability technology to protect data from loss and cyber threats.
“As data environments reach hundreds of petabytes and hundreds of billions of files, protecting data will become an increasingly difficult and complex challenge. Organizations need their data to be resilient and continuously available, with the ability to spring back seamlessly to reduce the risk of critical data loss and the impact of downtime, outages, data breaches, and natural disasters. Achieving data resilience at scale requires a radical new model and one that revolutionizes today’s broken backup paradigm. Traditional backup is independent of the file system, but a better approach is to merge the file system and backup as one entity. In this way, every change in the file system can be recorded as it happens, making it seamless to retrieve lost or deleted data, regardless of when it existed and across the entire time continuum.”
Lynn Dohm, Executive Director, Women in Cybersecurity (WiCyS):
“During Cybersecurity Awareness Month, messaging to already-cyber-conscious audiences is often redundant. It’s time to take a different approach—one that focuses on students and builds real connections. To cut through the clutter, we need to simplify the message and empower the next generation to see themselves in cybersecurity. This month isn’t just about raising awareness; it’s about shaping the future leaders of this field.
“Teenagers are much more likely to listen to someone closer to their age who they can relate to. They’re not going to engage with adults lecturing them about cybersecurity. To shake things up, this Cybersecurity Awareness Month, we’re showing young women that they belong in this field by mobilizing our student chapters to reach high school students directly. We’re showing them that cybersecurity is already a part of their lives and doesn’t have to be intimidating.
“We’ve developed a Cybersecurity Awareness Month toolkit, backed by our top-tier partners, that these student leaders will take into high schools, breaking down cybersecurity into simple, everyday language. Many students don’t realize they’re already practicing cybersecurity when they use things like two-factor authentication. By having peers—people who were recently in their shoes—share this message, we’re making cybersecurity feel relevant and accessible. It’s not a big, scary concept; it’s something they’re already part of.”