Cybersecurity Awareness Month 2024

Origins of Cybersecurity Awareness Month

"Cybersecurity Awareness Month was established twenty years ago by The President of the United States and U.S. Congress as a dedicated month for the public and private sectors to work together to raise awareness about the importance of cybersecurity.

Like last year, this year’s theme is Secure Our World. This program is designed to make cybersecurity a discipline we incorporate each and every day to protect ourselves when online or using connected devices. The program promotes best practices and behavioral change, with a particular focus on how to protect yourself, your family and your business from online threats."

- U.S. Department of Defense

Individual Risks

Personal Accountability

Across all affiliated organizations, commercial and individual risk extends to the end user and their connected devices. In alignment with this the NIST and other partnered groups main focus is on these four ways to stay safe online:

Ref: National Cybersecurity Alliance

Family Training

How Good Are Kids at Making Passwords?

Ref: NIST

Era of AI

Microsoft has been providing more cybersecurity resources this year surrounding AI and its implementation. This is the 'Era of AI' where personal interaction with artificial intelligence will ramp up significantly within all areas of online activity. So, it is vital that we begin accessing protection now and review emerging literature on the subject.

Ref: Microsoft (https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/final/en-us/microsoft-brand/documents/fy25-cam-ai-safety-2024-09-23.pdf?ocid=cmmnwhh4290)

Business Risks

Potential Impact

"In 2023, IC3 received a record number of complaints from the American public: 880,418 complaints were registered, with potential losses exceeding $12.5 billion. This is a nearly 10% increase in complaints received, and it represents a 22% increase in losses suffered, compared to 2022." - Internet Crime Complaint Center

Measuring and Improving

The National Institute of Standards and Technology have created an excellent reference document titled NIST Cybersecurity Framework 2.0: Quick-Start Guide for Creating and Using Organizational Profiles, for determining "posture in terms of cybersecurity outcomes from the Cybersecurity Framework (CSF) Core." They include 'organizational profiles' which are used "to understand, tailor, assess, and prioritize cybersecurity."

Page 1 Pictured Above, Link to Complete Document Here - https://doi.org/10.6028/NIST.SP.1301

Further they added that "the organization [using the Quick-Start Guide] can then act strategically to achieve those
outcomes." This can be a wonderful tool to begin building a cybersecurity plan or at the least starting discourse on the subject of cyber sabotage within your workplace.

Ref: KnowBe4

"Did you know that 91% of successful data breaches started with a spear phishing attack?"

How do you prepare your company for a future spear phishing attack?

Schedule a Free Phishing Security Test Provided by KnowBe4

Here's how it works :

Immediately start your test for up to 100 users (no need to talk to anyone)
Select from 20+ languages and customize the phishing test template based on your environment
Choose the landing page your users see after they click
Show users which red flags they missed, or a 404 page
Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
See how your organization compares to others in your industry

KnowBe4 has additional tools available for free, and there is a link provided below.

Resources:

Cybersecurity and Infrastructure Security Agency (CISA) - https://www.cisa.gov/cybersecurity-awareness-month

National Security Alliance - https://staysafeonline.org/programs/cybersecurity-awareness-month/

Microsoft - https://www.microsoft.com/en-us/security/blog/2024/10/01/cybersecurity-awareness-month-securing-our-world-together/

KnowBe4 - https://www.knowbe4.com/free-cybersecurity-tools

U.S. Department of Defense - https://business.defense.gov/Resources/Be-Cyber-Smart/

National Institute of Standards and Technology - https://www.nist.gov/

Internet Crime Complaint Center - https://www.ic3.gov/Media/PDF/AnnualReport/2023_IC3Report.pdf