What we have learnt from Cybersecurity Awareness Month
October was Cybersecurity Awareness Month – a whole month dedicated to raising awareness about the importance of cybersecurity and ensuring that everyone has the knowledge and resources to stay safe and secure online.
This has never been more important than it is today. In the first half of 2021 alone there was a 93% increase in ransomware attacks compared to the same period in 2020. It is not only their frequency that is increasing but their severity too. Cyber-attacks are becoming more diverse and harder to predict as the sophistication of cybercriminals continues to grow.
The Cybersecurity Awareness Month initiative is run by the Cybersecurity & Infrastructure Security Agency (CISA). This year CISA split up the four weeks of October and offered a different theme for each. Here is a summary of what we focused on reiterating to our employees and our customers this Cybersecurity Awareness Month:
Week 1: Be Cyber Smart
A proactive approach to cybersecurity is always best. Once hackers have infiltrated your systems, it is too late – they will already have access to your data. There are many proactive approaches that can be taken, such as using security managed service providers (MSPs), but most importantly organisations should regularly monitor their IT infrastructure, from hardware and software updates to passwords and backups, to ensure that their security responsibilities are always fulfilled.
Week 2: Phight the Phish!
We have all heard of phishing, right? It is the easiest way for hackers to infiltrate your first line of defence – your employees. Typically, a fraudulent email, pretending to be a legitimate alert about something like a parcel delivery, is sent with instructions to click on a link that will actually deploy malicious software or trick someone into revealing sensitive information. It is by far the most common type of cyber-attack – in fact, it was the cause of data breaches in 36% of cases. However, to counteract the cybercriminals’ phishing scams, non-destructive phishing campaigns can be used. These determine the level of employee understanding about the risks of clicking on links they receive or find online. The results of these campaigns inform employers about what training their staff require to build their knowledge of how to avoid falling into the traps of a phishing attack.
Week 3: Explore. Experience. Share. – Cybersecurity Career Awareness
The increased frequency and severity of cyber-attacks mean that security teams are under more pressure than ever to keep their organisations secure and, more often than not, specialised skills are required to help detect and prevent them. However, there is a big skills gap in cybersecurity, which has persisted for the fifth year running. In order to close this skills gap, more should be done to encourage young people into the tech industry. This starts with education and actively encouraging more young people, particularly girls, to pursue the higher education study of STEM subjects – especially Computing.
Week 4: Cybersecurity First
As cybercriminals continue to grow in scale and sophistication, all organisations should ensure that cybersecurity is their first priority. Organisations that hold highly sensitive data, such as those in the defence and financial sectors, will undoubtedly prioritise their security policies, but even the smallest businesses could fall victim to a cyber-attack.
Cyber-attacks can have a huge impact on your organisation. The average downtime following a cyber-attack is 22 days. In this time, a significant proportion of profits would be lost, in addition to the potential impact on brand reputation. Every organisation, no matter its size or sector, should prioritise cybersecurity.
This Cybersecurity Awareness Month has been a valuable chance to learn more about how to stay safe online and avoid the hidden traps set by cybercriminals. Now it’s up to you to implement the advice and protect your systems. Remember: Be cyber smart, phight the phish and put cybersecurity first.
About the author
Andy Collins is Node4’s Head of Security, responsible for ensuring that the security posture of the business is determined by evaluating the data and the operational processes that surround it.
With over 20 years of experience in security management, Andy has previously managed Security Operations Centre teams and co-founded OmniCyber Security in 2015. He is certified in ITIL v3, CISM, CIPP/e.
Having worked across a variety of industries as a security consultant with companies such as BNP Paribas, The Mandarin Oriental and GKN Westland, he has a wealth of knowledge in offensive and defensive security, extensive experience in information security, data privacy and incident response, and knowledge across multiple domains.