This year looks to be bigger than ever, due in no small part to the massive uptick in cyberattacks across the board.
October has always been one of the spookiest months. Not only do we have the ghosts and goblins of Halloween starting to creep out of their lairs, but it also starts to turn colder in much of the country. Leaves shine briefly in brilliant fall colors before dropping off of tree branches all together, turning them into skeletal representations of their former selves. Throw in a full moon, which will happen this year exactly on Halloween night, and you have the recipe for a scary month.
Perhaps that is what former president George W. Bush had in mind back in 2004 when he designated October as Cybersecurity Awareness Month. After all, not much is scarier than cyber threats these days. In the beginning, there was not much to Cybersecurity Awareness Month other than perhaps a press release or a static webpage being created. In recent years however, as cybersecurity threats have grown, the Department of Homeland Security, which took over responsibilities for awareness activities in 2013, has gradually ramped up October activities to support the program.
Today, most of the events surrounding Cybersecurity Awareness Month are handled by the Cybersecurity and Infrastructure Security Agency. And this year looks to be bigger than ever, due in no small part to the massive uptick in cyberattacks across the board.
“As cyber threats become more sophisticated, individuals and families, small and medium businesses, and large companies all have an important role to play in keeping our digital world safe and secure,” said CISA Director Jen Easterly. “This Cybersecurity Awareness Month we are asking everyone to do their part to ‘Secure Our World’ by adopting key behaviors that promote online safety and security.”
The Secure Our World theme permeates all activities this year. It looks to cover the entire gamut of online cyber activities, starting with logging in and passwords. Of course, CISA recommends the use of strong passwords, something the agency has been pushing for years during other Cybersecurity Awareness Months. But this year, they have additionally added a recommendation for multi-factor authentication, especially for important accounts like those which grant access to financial institutions or those which are frequently attacked, like social media accounts. CISA has devoted a webpage to explaining how MFA works, and how people can activate it using available tools like their smartphone to help protect their online activity.
This year also marks an increased emphasis on phishing campaigns, where attackers reach out using email or voice messaging while pretending to be someone they are not — either a representative of an organization their target works with, somebody they know and trust or even their boss. This is also an increasingly critical area because the use of artificial intelligence potentially makes gathering information and generating the scripts for phishing campaigns much easier. There is even a fear that attackers could tap into AI to help automatically launch thousands more phishing attacks than they can today without such assistance. For its part, the CISA campaign tries to educate people about how to recognize when they are being phished, and what actions to take to protect themselves from that kind of attack.
The final pillar of Cybersecurity Awareness Month for 2023 is an old but good one. A large number of the vulnerabilities on CISA’s Common Vulnerabilities and Exposures list are only exploitable when a targeted system is running old versions of software. So, CISA is really pushing people to update their operating systems, software and other programs on a regular basis this year. Ideally, CISA recommends activating automatic updates whenever possible, and also checking manually from time to time as well to see if new updates are available.
And because businesses have slightly different needs than individuals, this year they are getting their own page and activities. For the most part, the four key pillars of the event are the same for businesses, just with more of an effort to demonstrate how to effectively communicate cybersecurity goals to their employees.
Also new this year, CISA has partnered with the National Cybersecurity Alliance, an organization whose board is made up of executives from major corporations, with the goal of emphasizing the role of individuals in protecting the shared digital ecosystem from cyber threats. The NCA created a selection of resources bundled into a toolkit that both businesses and individual people can download to help strengthen cybersecurity culture in their organizations and homes. The toolkit contains posters and graphics which can be put up around an office, a template for cybersecurity awareness presentations and even email signatures which could be used to promote better security awareness. Various tip sheets are also available for download.
The agency is even hosting several cybersecurity webinars this month which are free to attend and will concentrate on how to implement the various pillars of this year’s Cybersecurity Awareness Month. The webinars are scheduled for the afternoons of Oct. 3, 10, 17 and 24.
With all of the events happening this October, Cybersecurity Awareness Month could be the biggest ever. And these efforts seem to be helping. A recent survey by the Aspen Digital Institute and the nonprofit member-based group Consumer Reports found that consumers were taking more positive steps to improve their cybersecurity and cyber hygiene than ever before. One of the key examples of those improvements cited by the survey includes using MFA, a key pillar of Cybersecurity Awareness Month this year.
Most of the scary stuff we associate with October is thankfully imaginary or, like the monsters who come by to demand candy, are just part of the fun. Cyberattacks however, are never a laughing matter. But employing better cybersecurity using tactics like those highlighted in CISA’s Cybersecurity Awareness Month this year can at least help to exorcize the worst of the real threats, leaving us free to deal with just the fun stuff — and maybe the deluge of candy — that October has to offer.
John Breeden II is an award-winning journalist and reviewer with over 20 years of experience covering technology. He is the CEO of the Tech Writers Bureau, a group that creates technological thought leadership content for organizations of all sizes. Twitter: @LabGuys