The famous saying, “Once you have accepted your flaws, no one can use them against you,” brings to mind the sense of ownership that we lack which can be transformed. In cyberspace, most of the web is filled with flaws or vulnerabilities that are exploited and imperfections displayed by human error. All this must be addressed so no human error or phishing attempt leads to a successful cyberattack.
October which is celebrated as Cyber Security Awareness Month sees researchers and other professionals promote digital security.
Flaws and insider threats, both contribute to cyberattacks, as seen in the MOVEit vulnerability exploitation and the Uber hacking that could have been avoided. So far, over 2,000, predictably secured organizations have been battling lawsuits and curbing user data leaks.
All while the culprit, either a teenager from the Lapsus gang or hackers from the Clop ransomware group treads the online world and outside, scathe-free. It is these actions and the countless encounters in the past that encouraged legal agencies to observe and celebrate Cyber Security Awareness Month in October, each year.
US Government Agencies and the Spirit of Cyber Security Awareness Month 2023
Besides the Federal Bureau of Investigation (FBI), Department of Homeland Security (DHS), and Cybersecurity & Infrastructure Security Agency (CISA), the National Institute of Standards and Technology (NIST) has planned activities to create awareness.
This is in keeping with the spirit of the Cyber Security Awareness Month 2023. NIST is the government agency responsible for bringing about innovation and better technological support that toils to make America great again.
Founded in 1901, NIST offered several helpful resources including the NIST cybersecurity framework released recently. It tries to increase clarity about risk management, supply chain management, vulnerabilities, regulatory requirements, and other complex needs.
Keeping in mind the growing impact of supply chain attacks and third-party vendor breaches, the NIST Cybersecurity Framework can help businesses all small, medium, and large, as aptly put in a Federal Trade Commission article.
Cyber Security Awareness Month Campaigns by NIST
Cybersecurity can be considered daunting to follow completely. However, seeing the statistics of cyberattacks, it could be gathered that most breaches could have been avoided with simple online security measures.
Over 3.4 billion spam emails are reported to be sent every day by scammers, increasing the risk of phishing attacks and credential hacking. More than 24 billion passwords were hacked by cybercriminals in 2022. With cybersecurity going on a toss with such figures, it is understood government agencies have been trying to simplify cybersecurity.
NIST published the first standardized encryption algorithm – the Data Encryption Standards in 1977 and was affirmed by the US Congress as lead for the National Initiative for Cybersecurity Education (NICE).
To bolster security efforts among people while making it as fun-filled as possible, NIST planned the following events for the month of October. These events invited participants to provide feedback, learn, and share resources among family, friends, colleagues, and NIST throughout Cyber Security Awareness Month. They are –
- Workshop on Block Cipher Modes of Operation on October 3 and 4.
- Inviting media content from professionals to depict what they love about #mycyberjob on October 16 through 21.
- Cybersecurity Career Week from October 16 to 21, 2023 to highlight cybersecurity careers and education to pave the path to a diverse workforce.
- US Cyber Team Draft which will be held both virtually and in-person filled with games, Season III US Cyber Team, and Season II athletes to further promote professionals in cybersecurity. This will be held on October 16.
- #CyberCareerChat on October 17 to be open on social media to give all answers posed to the NIST team.
- International Tour of Cybersecurity Careers which will witness stories shared by current practitioners to be held on October 17.
- NICE Webinar on Cultivating Cybersecurity Leaders on October 18.
- Regional Initiative for Cybersecurity Education Conference live-streamed in English, Spanish, and Portuguese on October 19.
- Information Security and Privacy Advisory Board (ISPAB) meeting as amended for information security pertaining to the Federal government on October 25 and 26.
CSAM 2023 – Four Easy Steps Promoted in the Cyber Security Awareness Month Campaign
Having wordy and complex cybersecurity guidelines may not be perused by every user of the online world. To make cybersecurity understood and easily applied by organizations and individuals alike, CISA shared the enduring theme of Secure Our World for this year’s and future awareness month campaigns.
The four easy steps when followed by each individual across nations and professionals across sectors can bring down cyber attacks to a large extent. Echoing the sentiments, Chad Boutin, a Science Writer who has been working with NIST for 15 years told The Cyber Express, “We understand that the world of cybersecurity is complex – but there are some simple steps that people can take to stay secure online.”
“Like, use multi-factor authentication, use a password manager, update software, recognize phishing attempts, and think more about password length than about password complexity,” Chad added.
These steps are an effort and convey the general sentiment behind the ‘easy to stay safe online’ statement…it’s easy to at least take a few basic steps to secure your accounts, Chad further added.
Addressing the question about what is the end goal that NIST looks for from the tremendous CSAM 2023 campaigns, Chad said, “NIST is ultimately working to help cultivate trust in technology.” This trust, the Science Writer elaborated was to be built along the way, and step by step.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.