Why We Should Care About Cybersecurity Awareness Month
Follow These Four Simple Steps to Stay Secure in 2024
October is National Cyber Security Awareness Month, a crucial campaign led by the U.S. Department of Homeland Security that's now in its twenty-first year. This month-long effort provides best practice measures in cybersecurity and strives to help organizations and people combat today's cyberthreats.
This year's theme, "Secure Our World," is a call to action to protect yourself and your business from online dangers by following four simple, effective steps. Following these steps and staying safe online is a collective effort across public and private institutions, as well as individuals.
Step 1: Recognize and Report Phishing
Scams are the most prevalent cyberthreats globally. In Asia, countries like Singapore have reported close to $400 million in losses from scams in the first half of 2024 alone. One out of four people in Thailand has been targeted by scams over the past year. Another recent report found that Southeast Asian scam syndicates steal $64 billion annually. So step one in defending against scams is recognizing and reporting phishing attacks, which can help keep other individuals and businesses from falling victim to these scams. Learning what to look for and reporting scams is key to preventing cybersecurity incidents and mitigating risks.
Step 2: Use Strong Passwords
Passwords come in all shapes and sizes. Understanding the use of strong passwords in step two is essential to protecting ourselves from account takeover, which can lead to data or monetary loss. Statistics show the inherent risk of using weak passwords as shown in the chart below.
Step two highlights the importance of using strong passwords to deter bad actors from accessing account information and sensitive data. Employees should never reuse the same passwords across business and personal accounts. With the growing number of data breaches, there's a good chance your favorite password has already been compromised on another site.
Possibly by the end of this decade, quantum computers will be able to break the current encryption algorithms securing today’s information on the internet. This will have a profound impact on strong password best practices, so for now, companies and individuals alike need to at least follow best practices.
Step 3: Turn on MFA
The third step is using multifactor authentication to reinforce accounts in addition to strong passwords. The regulatory compliance mandates below cite the need for MFA:
- The General Data Protection Regulation in the European Union requires organizations to take adequate measures to protect personal data, which often includes MFA.
- In the United States, the Health Insurance Portability and Accountability Act recommends the use of MFA to protect patient information.
- The Payment Card Industry Data Security Standard mandates MFA for systems that handle payment card data.
With the eventual development of quantum computing, the threat of breaking encryption algorithms used in today’s digital age will cause havoc across all industries and sectors, so moving to quantum-resistant algorithms is a necessary step to protecting organizations and individuals against the emerging threat. Several quantum computing consulting firms including Applied Quantum work with both public and private organizations to prepare for quantum threats by identifying vulnerable cryptographic devices, building strategic road maps for organizations to become quantum-resistant and quantum-agile, and providing education and awareness from the board level down to developers to prepare for the quantum threat.
Step 4: Update Software
The fourth step is to ensure your software is continuously updated. Because software versions contain vulnerabilities, it is imperative that organizations and individuals patch and update to protect against these flaws, which give bad actors access to files or accounts.
These cybersecurity vulnerability statistics provide important information about insecure software:
- 80% of exploits are published before the CVEs are released;
- 70% of applications contain at least one vulnerability after five years of production;
- Since 2020, there has been a 205% increase in cloud security issues in the public sector;
- 47% of DevSecOps professionals opine that the failure to prioritize vulnerabilities contributes greatly to vulnerability backlogs.
In addition to these vulnerabilities, we must all remember that hackers and scammers never sleep. They are always looking for ways to get past your defenses. Consider the following statistics from 2024:
- The average time to detect a data breach is 118 days;
- Over 75% of targeted cyberattacks started with an email in 2024, making phishing a primary vector for cybercrime;
- 98% of web applications are vulnerable to attacks that can result in malware, redirection to malicious websites and more;
- Only 38% of companies say they have made notable improvements after a breach;
- Only 29% of companies reported using MFA.
With advancements in artificial intelligence, cybersecurity has become a boardroom issue, as AI is a double-edged sword: AI for cybersecurity is helping organizations automate tasks while using technology to advance the protection, detection and response functions of security operations. At the same time, cybercriminals are exploiting AI to create flawless phishing emails - a primary attack vector - as well as developing increasingly sophisticated malware to defeat detection and defense systems. Once quantum computing gets mature enough for commercialization, bad actors will inevitably exploit these systems to not only defeat complex systems, but also decrypt sensitive information.
National Cyber Security Awareness Month has grown into a global initiative, helping organizations everywhere secure their data and protect against today's threats. It is critical to build awareness and educate all stakeholders in securing against cyberthreats as they become more advanced and targeted.
Taking foundational steps now and ensuring a cybersecurity culture is created for organizations large and small will help us in maturing our own organizations and lives against cyberthreats.