Today marks the first day of National Cyber Security Awareness Month (NCSAM), a collaborative effort that began in 2004 as part of a joint campaign of the National Cyber Security Alliance and the U.S. Department of Homeland Security (DHS).
This year, NCSAM focuses on internet security as a shared responsibility among consumers, businesses and the cyber workforce. Let’s take a look back at the year in cybersecurity and preview what NCSAM 2018 has in store.
Looking Back on Cybersecurity in 2018
It’s been a year of transition for cybersecurity professionals and attackers alike. As noted by Forbes, cybersecurity spending in the U.S. could reach $66 billion by the end of 2018. Globally, that number will likely reach close to $100 billion by the end of the year. Total breaches are down from 2017, but attackers are changing tactics: Where servers and workstations once took priority, threat actors are now directly targeting mobile applications and users to breach networks and compromise data.
It’s also worth noting that the rate of cryptojacking scams increased by 141 percent in the past year, according to Trend Micro. And, just like in 2017, human error remains a top concern for companies: A recent CA Technologies survey found that 90 percent of organizations feel vulnerable to malicious or accidental insider attacks.
National Cyber Security Awareness Month: Week by Week
NCSAM 2018 aims to “shine a spotlight on the critical need to build a strong, cyber secure workforce to help ensure families, communities, businesses and the country’s infrastructure are better protected.” The month is divided into four week-long themes, described in more detail below.
Week 1 (Oct. 1–5): Make Your Home a Haven for Online Safety
The first week’s theme addresses cybersecurity practices in the home. Parents and caregivers teach children how to safely cross the street and avoid strangers who might cause them harm, but digital safety is often seen as less pressing. The problem is that today’s children must navigate a digital world filled with streaming content, mobile devices and on-demand access.
According to Pew Research, 77 percent of Americans now own a smartphone, nearly 75 percent own a desktop or laptop computer, and around 50 percent own tablets. Including cybersecurity as part of mainstream education is critical to nurture the next generation of tech-savvy adults.
Week 2 (Oct. 8–12): Millions of Rewarding Jobs: Educating for a Career in Cybersecurity
The growing cybersecurity skills gap continues to challenge organizations, with 69 percent of businesses saying they’re under-resourced because they can’t find enough qualified IT staff to fill expanding security departments.
Week two of NCSAM focuses on “ways to motivate parents, teachers and counselors to learn more about the field and how to best inspire students and others to seek highly fulfilling cybersecurity careers.” To put it simply, demand exists and training is getting better; now it’s a matter of cultivating student interest.
Week 3 (Oct. 15–19): It’s Everyone’s Job to Ensure Online Safety at Work
As noted above, employees are a top cybersecurity risk for many organizations. According to Verizon’s “2018 Protected Health Information Data Breach Report (PHIDBR),” 58 percent of healthcare data loss incidents from 2016 to 2017 involved insiders. While many of these insider threats are accidental — users may inadvertently click on phishing links or access unsecured sites via personal devices on corporate networks — the results are no less damaging.
Week three aims to help users fuse cybersecurity across their work and personal lives and emphasizes the shared responsibility of employees to help manage risk and improve resilience.
Week 4 (Oct. 22–26): Safeguarding the Nation’s Critical Infrastructure
The last week of National Cyber Security Awareness Month will focus on protecting the country’s critical infrastructure, since disruptions to systems that provide power, water, health services or other crucial resources “can have significant and even catastrophic consequences for our nation.”
The increasing use of internet-facing industrial control system (ICSs) has already put many organizations at risk of malware and other cyberthreats. The final week of NCSAM will highlight the roles users can play in keeping infrastructure safe, leading the transition into November’s Critical Infrastructure Security and Resilience Month.
Even after October ends, NCSAM encourages companies and consumers to actively engage with cybersecurity topics by using tools available through the STOP. THINK. CONNECT. campaign or leveraging EDUCAUSE’s NCSAM Resource Kit, which includes planning guides, posters and international support links. To address the critical role of humans in cybersecurity, the National Cyber Security Alliance recommended using free employee training resources from partners such as ESET.
We’re All in This Together
This past year saw attackers taking advantage of the growing cybersecurity skills gap to infect devices with cryptojacking malware, spam users with macro-enabled phishing emails and hijack poorly protected Internet of Things (IoT) devices to create powerful botnets. NCSAM 2018 recognizes the critical need to encourage and train the next generation of security professionals by teaching them cyber skills early, demonstrating the value of information security jobs and shoring up the shared responsibility of cybersecurity in the workplace. Finally, NCSAM considers the evolving impact of national infrastructure attacks and how the public at large can help mitigate potential threats.
This year’s overarching cybersecurity theme is clear: We’re all in this together, and we can’t do it alone. Effective defense demands a team effort where employees, enterprises and end users alike recognize their shared role in reducing cybersecurity risks.