It’s Time to Take Action This Cybersecurity Awareness Month


Just as cybersecurity threats have grown in scale and intensity over the past two decades, awareness efforts have evolved to reflect the current security challenges we face as a nation and as global citizens. Cybersecurity is no longer just about updating antivirus software or being cautious online. It now involves navigating a new wave of increasingly complex and insidious threats that extend into physical security. Addressing these challenges is not a task for a few; it requires coordinated, collective action from government, industry and the public. Each one of us has a role to play in this collective defense.

Secure Our World

In 2004, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance launched Cybersecurity Awareness Month, dedicating October to collaboration between public and private sectors. This initiative emphasizes that businesses, the government and consumers all play vital roles in cyber defense and raises awareness about practicing cyber resilience together.

CISA’s ongoing awareness program, themed “Secure Our World,” provides education and resources to a variety of audiences. While awareness is foundational to this campaign, there is a growing emphasis on taking daily actions to mitigate the ongoing risks associated with networked devices, applications and digital assets in our connected world.

CISA’s “Secure Our World” messages have successfully generated national and global discussions about cyber threats. As technology advances, more collective action will be necessary. Education, training and awareness programs equip citizens with the resources they need to stay safe online, and taking action is the next critical step.  

Cybersecurity Starts at Home

In the government sector, cyber resilience is crucial, yet our homes and families are often overlooked in discussions of cyber protection and can be the weakest link in the cyber ecosystem. While awareness is important, we also need actionable steps that empower everyone to translate that awareness into practice.

Cybersecurity Awareness Month 2024 focuses on four steps businesses and consumers can take to improve online safety:  

  1. Use strong passwords and a password manager  
  2. Enable Multi-Factor Authentication (MFA) 
  3. Recognize and report phishing attempts 
  4. Keep software updated  

Though these steps may seem straightforward, they come with challenges.  

Evolving Threat Landscape: Distributed Work Environments and Sophisticated Attacks

Cybercriminals are becoming increasingly sophisticated, breaking historically secure solutions and inflicting damage on vulnerable organizations across various sectors. IT leaders struggle to maintain effective defenses against emerging threat vectors as technology evolves.

The rise of distributed remote work environments has exponentially increased the number of endpoints and remote locations – such as home offices, websites, applications and systems – requiring identity verification, access controls and full end-to-end encryption. With cloud services and remote users, the traditional network perimeter has vaporized, exposing more attack surfaces within organizations.   

A global survey of more than 800 IT and security leaders reveals that cyber attacks are becoming more complex, with 95% of respondents stating that cyber attacks are more sophisticated than ever before. Additionally, 92% of IT leaders report that cyber attacks occur more frequently now than they did a year ago. In 2024, security is proving to be increasingly complex with higher stakes than ever. 

The rise in remote work and advancements in Artificial Intelligence (AI) have further amplified the believability and frequency of social engineering attacks and other cyber tactics. For example, AI-generated voice cloning has become remarkably accurate and can be generated in real-time, making it easier than ever for cybercriminals to deceive their victims.

Turning Cybersecurity Awareness into Action

The human element is often the most error-prone element of the attack chain. Verizon’s 2024 Data Breach Investigations Report reveals that 68% of breaches involved a non-malicious human element, such as a person falling victim to a social engineering attack or making an error. A multi-faceted approach is essential for enterprises to translate awareness into action:

  • Implement strict access controls: Ensure employees have only the access necessary to perform their duties to reduce access to an organization’s sensitive data and accounts and minimize the opportunity for lateral movement by an attacker. 
  • Regularly review and update permissions: Align access rights with current job functions and organizational changes. Regularly reviewing permissions and promptly revoking access that is no longer needed due to transfers or departures helps to mitigate risks.
  • Utilize a Privileged Access Management (PAM) solution: Secure and monitor access to sensitive systems and data to reduce the risk of cyber attacks and defend against both internal and external threat vectors. 
  • Adopt a zero-trust security model: Continuously verify the identity and authorization of every user, regardless of their location or device. This model prioritizes the principle of ‘never trust, always verify,’ necessitating continuous validation of every user, device and connection to address insider threats and other cyber risks.  

Working Together – Toward a Safer Future

As the threat environment escalates with emerging technology and cyber warfare, action becomes the vital focus. Regulations like FedRAMP and StateRAMP, executive orders concerning zero trust and AI, and National Institute of Standards and Technology (NIST) controls demonstrate government initiatives to strengthen cyber defenses. While enterprises and public organizations have emphasized basic cyber hygiene, privacy and data security measures for years, continued support from industry and government is crucial to elevate cybersecurity to the forefront of American consciousness.

Together, let’s make this October Cybersecurity Awareness Action Month.

 
