In 2004, distributed denial of service (DDoS) attacks were common and those types of attacks were doubling every few months. eBay was hacked and 233 million user records were stolen. Domino’s Pizza was undergoing a ransomware attack. The U.S. Secret Service was helping discover the identity of the hackers who managed to hack into P.F. Chang’s point of sale machines. One couldn’t go a week without hearing about another breach or incident.
In the same year, the President of the United States, George W. Bush, and Congress declared October Cybersecurity Awareness Month. The goal was helping individuals protect themselves online as threats to technology and confidential data become more commonplace. The Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) lead a collaborative effort between government and industry to raise cybersecurity awareness nationally and internationally.
So did breaches and incidents completely go away? Obviously not, but organizations are continuing to battle individuals, small groups, and state-sponsored hackers that initiate these attacks. Here are some interesting articles providing insight into this battle:
- Global Cybersecurity Spending To Exceed $1.75 Trillion From 2021-2025
- 2021 saw a 53% spike in hours spent on training
- Security Awareness Training Market To Hit $10 Billion Annually By 2027
The Battle Continues
This year’s Cybersecurity Awareness Month campaign theme — “See Yourself in Cyber” — demonstrates that while cybersecurity may seem like a complex subject, recent phishing attacks make it clear that it’s really all about people. This October will focus on the “people” part of cybersecurity, providing information and resources to help educate CISA partners and the public, and ensure all individuals and organizations make smart decisions whether on the job or at home.
Throughout October, along with all the great work from CISA and NCA, we’ll share some insights and highlight key action steps that everyone should take, including:
- Enable Multi-Factor Authentication (MFA)
- Use strong passwords
- Recognize and report phishing
- Update your software (endpoints and infrastructure alike)
NIST’s National Initiative For Cybersecurity Education (NICE) program provides a large list of free and low-cost cybersecurity training for career and professional development, education training and curriculum, employee awareness training, and K-12 education and games:
CISA (Cybersecurity & Infrastructure Security Agency) also provides resources for federal employees, critical infrastructure operations, cybersecurity professionals (non-federal) and the general public:
The Incident Response Training (https://www.cisa.gov/incident-response-training) is particularly interesting for practitioners, since most focus on what to do to prevent an incident but have very little planned for what happens once an incident occurs.
Stay tuned for weekly blogs covering the four actions that each person can take to keep their personal and professional data and identity safe.