October to Focus on Ghosts, Goblins and Cybersecurity Threats


October is National Cybersecurity Awareness Month, and it’s going to be busy.

John Breeden II is an award-winning journalist and reviewer with over 20 years of experience covering technology. He is the CEO of the Tech Writers Bureau, a group that creates technological thought leadership content for organizations of all sizes. Twitter: @LabGuys

October has always been the scariest month. The days are getting shorter, the first hint of winter sneaks into our lives again, trees turn into skeletal remnants of their glorious summer silhouettes, and of course there’s a mix of fright and fun as Halloween creeps ever closer. All of that kind of makes October an odd choice for Department of Homeland Security to declare it National Cyber Security Awareness Month.

But then again, with major breaches like the one at Equifax potentially touching half the population of the United States, with millions more victims just identified, cybersecurity threats can be pretty frightening, and certainly serious.

DHS has been doing this since 2013, though it kind of existed in a sort-of stealth mode for a long time. Other than some Twitter posts, there was not really a lot of meat on the cybersecurity bone. The government is trying to change that this year, with a lot more activities and resources devoted to increasing cybersecurity awareness and training across the board, from basic tips to the exploration of advanced concepts like critical infrastructure protection.

According to this year’s website, “National Cyber Security Awareness Month (NCSAM) is designed to engage and educate public and private sector partners through events and initiatives to raise awareness about the importance of cybersecurity, provide them with tools and resources needed to stay safe online, and increase the resiliency of the Nation in the event of a cyber incident.”

Given the state of the world, having a sort-of cybersecurity minutemen organization, with all of us involved and recruited, is not a bad idea. To aid in our training, DHS will be putting out a series of helpful articles through a free newsletter all month, and also on their Stop, Think and Connect blog and website.

Some people, like vice president of technology for BeyondTrust Morey Haber, question whether the government’s cybersecurity outreach efforts will do any good. He writes in his company’s blog, “It’s really surprising that the US government would even ‘need’ to run a marketing campaign to highlight the cyber tragedies we see in the news every day.” And in one sense, I must agree with him. There is simply no excuse for anyone not to have at least a basic understanding of what constitutes good—and decidedly bad—cybersecurity practices these days.

Case in point, the Equifax hack allegedly involved a public-facing server where the user name was Admin and the password was possibly the worst of all possible choices: “Password.” Even among the dying security prospects offered by single-authentication login practices, that is about as weak as it gets, and certainly not appropriate given the type of information Equifax was protecting. The words “criminal” and “negligence” come to mind. Because some numbskull didn’t know or care about even basic cybersecurity protection, half of all Americans are going to be subject to potential identity theft problems and annoying fake charges against our accounts for the foreseeable future.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

Given examples like that, we really do need to start with basic knowledge transfer and work up to higher concepts. If DHS can educate even a few people on how to protect themselves, their businesses and their customers, then whatever effort the agency puts into their October outreach activities will have been worth it.

And kudos to DHS, as they have a robust batch of topics planned, starting with simple steps users can take to increase their online safety, and tips on ways to better protect the American workplace. After that, things get even more interesting, with several advanced subjects on the docket. I am particularly interested in the mid-month activities centering on emerging technologies like The Internet of Things and its inherent dangers. And the final two days of the month are devoted to protecting critical infrastructure from cyber threats, which demands focus. Otherwise, it’s just a matter of time before some attacker crashes the power grid or other critical services, something I’m surprised hasn’t already happened.

By focusing on cybersecurity, the government is on the right track toward combatting some of the threats levied against our nation. These may be small steps, but every great journey begins that way. Homeland Security is asking for help in promoting their efforts and partnering with them to raise awareness about how we can all better protect ourselves and our nation. I did my part, signing up my company, the Tech Writers Bureau, to help however we can. Perhaps each of you, as individuals or organizations, will consider doing the same.