National Cybersecurity Awareness Month program turns 18 • The Register

If you’ve ever found yourself in an endless meeting listening to the CISO talk about the important role you play in protecting yourself and the company from cyber threats, you could probably point your finger at the National Cybersecurity Awareness Month (NCSAM) show program.

And to be fair, if you’ve ever sat at your desk staring at an email that didn’t seem right — that seemed a little off — and you decided to just close the message and notify the cybersecurity team, then probably NCSAM could nod in thanks.

Every October since 2004, the US Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA), in a public-private collaboration, lead NCSAM to raise awareness among organizations and individuals around the world of the myriad cyber threats out there protects from them. NCA includes this message in its URL (

Over the years, the theme may change – oscillating between individual responsibility and organizational response, but the core idea behind NCSAM remains: an educated workforce is the best defense.

Curtis Franklin, senior analyst at Omdia, sees cybersecurity awareness as a broad spectrum. On one side is an employee who has little understanding of cybersecurity – “someone who out of ignorance almost welcomes threat actors into the system” – on the other side the well-trained, up-to-date security expert.

“Realistically, companies want their employees somewhere between those two,” Franklin said The registry. “The purpose of raising awareness and educating people about cybersecurity is to give them realism across the spectrum of the [left] To the right.”

This month is the 19thth Iteration of NCSAM with the theme “See Yourself in Cyber” to demonstrate that while cybersecurity is complex, CISA says it comes down to individuals. For example, users can enable multi-factor authentication, use strong passwords, detect and report phishing attempts, and keep the software up to date.

According to Ryan Kalember, Proofpoint’s executive vice president of cybersecurity strategy and NCA board member, two trends that helped fuel the NCSAM declaration were the creation of the Department of Homeland Security (DHS) — which oversees cybersecurity of government brought agency – and the growing push for public-private collaboration in this area.

“That [NCSAM] nonprofit [NCA] actually already existed,” said Kalember The registry. “It was three years ago that DHS actually helped create awareness month, but it was this public-private partnership that was the other impetus alongside DHS that owns this and certainly the role to see the cyberattacks.” playing in the lives of ordinary people, which one could argue in 2004 was really at the front end of that curve.”

There are good reasons why individuals are in the crosshairs of this NCSAM. According to Verizon’s 2022 Data Breaches Investigation Report, 82 percent of data breaches involved the human element. IBM found in its Cost of a Data Breach 2022 report that the two most common first attack vectors were compromised credentials (19 percent of data breaches) and phishing (16 percent).

David Richardson, VP of Products at security service edge (SSE) provider Lookout, said The registry that his company’s figures show that between the fourth quarter of 2020 and the fourth quarter of 2021 – during the peak of the COVID-19 pandemic – exposure to phishing increased by 127 percent. Given this, CISA’s recommendation that people learn to recognize and report phishing is critical.

“Phishing attacks have evolved in technique and sophistication, but the basic approach of creating a sense of urgency or impersonating a trusted figure or authority has remained fairly constant,” Richardson said.

Proofpoint’s Kalember said that prior to 2017, exploiting known vulnerabilities was the main entrance for attacks. More recently, however, the most significant attack to exploit a CVE vulnerability was the recent Follina zero-day bug in Windows.

“Follina has been used in a very, very narrow range of targeted attacks compared to other things that rely on human vulnerabilities, like malicious macros, which Microsoft has taken some steps to circumvent,” he said. “There are many other human-powered exploits that are absolutely dominating the landscape, and that’s been the case according to our data since about 2017. … It’s human behavior that attackers are exploiting.”

So from the 19thth year, how successful was NCSAM?

“If the definition of success was cybersecurity no longer an issue, then it didn’t succeed,” Franklin said. “But that requires an unrealistic definition. If your definition of success is that more organizations are taking cybersecurity seriously, and more individuals in those organizations are taking cybersecurity seriously, then you’ve succeeded.”

A lot of money continues to circulate in safety education. Analysts at Global Market Estimates expect the cybersecurity awareness training market to grow from more than $1.8 billion this year to $12.1 billion by 2027, driven in part by the rise in cybersecurity awareness cyber attacks since the beginning of the pandemic.

Kalember added that they run programs throughout the year, not just in October, although the annual cadence is a good reminder for executives that new people have been hired over the past year and staff could probably use an update. In addition, a strong program can lower cyber insurance premiums.

According to Rick Holland, CISO and VP of Strategy at cybersecurity firm DigitalShadows, some organizations are skeptical about security awareness training. It’s not a panacea – just another tool in the kit – and it won’t prevent a well-aimed attack from a motivated opponent.

But “when training minimizes the risks of commodity attacks, it frees defenders to focus on more strategic threats,” Holland said The registry“Isn’t it also worthwhile if the training helps employees to protect themselves in their private lives?”

It’s also not always easy to sell yourself to employees. A survey of 2,000 employees in the US and UK by email security company Tessian found that 20 percent of respondents said they didn’t care about cybersecurity at work, and 10 percent said they didn’t care about it in their personal lives.

99 percent of the 500 IT and security leaders surveyed said a strong security culture is important to maintain a strong security posture. It seems like awareness training is going nowhere.

Safety awareness programs must constantly strike a balance, Kalember said. You still need to be technical – to go beyond the “think about it before you click” message – but not so much that employees lose interest. And they have to deal with modern threats, e.g. B. how easy it is now for cybercriminals to spoof other people or companies such as third-party or cloud providers in the phishing emails they send, making it harder for employees to detect the threat.

Such threats reinforce the need for NCSAM and security awareness training programs, he said. There are now more remote workers running their home WiFi networks and various Internet of Things devices, and ransomware remains highly disruptive. Furthermore, after all these years, email remains the primary way people communicate and send data back and forth.

Given that, the need for NCSAM isn’t going away anytime soon, Kalember said. Still, it would be good to see NCSAM reporting move away from the technical and more into the personal. Much of the enterprise technology in use today is more secure by default.

“Hopefully it’ll be more about things like social engineering because the other thing that the average person will sadly run into again are the things we don’t talk about enough in cybersecurity because we’re talking about fancy stunt hacks and APTs want , like love scams and all sorts of common things that make all of that work,” he said. “Corporate email compromises, for example, wouldn’t work so well in terms of bill fraud if they didn’t have a bunch of bank accounts, that belong to people who are in really unhappy digital relationships that they can abuse to move that money.”

“That human vulnerability will always be there and I think that’s why this will be relevant long, long into the future.” ® National Cybersecurity Awareness Month program turns 18 • The Register

Rick Schindler

World Time Todays is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – The content will be deleted within 24 hours.

Related Articles

Back to top button