What is Cybersecurity Awareness Month?
We can’t do business the way we used to. Before, you’d go into work, log onto a corporate computer (that was on the corporate network and likely plugged into an ethernet cable), maybe field some calls on a desk phone and perhaps badge out for lunch.
A few years later, it was essentially the same but with some phishing training, warnings about spam emails, and you knew not to share the corporate WiFi. However, workers today have a lot more to know.
The landscape has changed, and so have the threats that come with it. You can now get “phished” via text (smishing), call (vishing) or otherwise caught in a social engineering trap. If you visit an HTTP site at work, it could mean bad news. You have to know which links to click on and which to avoid (it could be malware or malicious scripts), and you might be asked to double authenticate, use MFA or add encryption to a file before sending. And that’s just the everyday worker.
There is a lot more to be aware of now and employees are asked to have a mature understanding of online threats. Think about it. Cybercriminals are only upping their game, and if we stay in the dark – well, maybe that’s why 82% of breaches are because of human error. That number is astronomical, and yet mistakes are being made.
A breach can put the future of your business at stake. Having customer data stolen or your files held for ransom is detrimental to a business such as a retail chain, a private company, or a car dealership.
However, the stakes rise exponentially for workers in a critical infrastructure industry (water, oil, gas, healthcare, communications). Small errors can mean big consequences as the public takes the hit. Remember Oldsmar? Remember Colonial Pipeline? Remember the fact that Russia still presents a nation-state cyber threat to critical infrastructure per a recent CISA, FBI, NSA joint advisory that is only several months old? The problems are far from over.
It’s no surprise, then, that the government decided to take things into their own hands. Now, at the time many of these problems were still nascent, but even then they saw the need to defend the cyber front. The internet was past its newness and now being exploited. This was just three years after September 11th, and the world wide web was already resembling the wild west.
We saw the government step in again in 2018, when President Trump signed Risch’s Small Business Cybersecurity Legislation into Law. Then the DoD established a new security framework for defense contractors, CMMC, which you can learn more about in our blog series.
Flash forward to 2022, and the DHS announces the award of $20 million in grants to counter online radicalization and mobilization to violence. It’s time for everyone to start taking this seriously.
In 2004, the President and Congress declared October to be Cybersecurity Awareness Month, helping individuals protect themselves online as threats to technology and confidential data increase. In support of that aim, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) lead a collaborative effort between government and industry to raise cybersecurity awareness nationally and internationally.
This year’s theme is “See Yourself in Cyber” and is focusing on the importance of cybersecurity for all.
If it’s not relatable, we won’t do it. It’s typically “the IT guy’s” job, and we count ourselves out. But that 82% error rate is not the fault of the security guys setting up our laptops (who are likely practicing safe online behaviors already). That’s us. That’s us clicking into bad emails, not securing our BYODs, using the corporate WiFi and sharing whatever bug might be lurking on our phones. So this year, when your company tells you about “even more” cybersecurity awareness – listen up.
It’s our goal to help everyone make cyber-smart decisions whether on the job, at home or at school. All month long, we’ve been sharing tips and resources on our LinkedIn on how you can achieve cybersecurity resilience. Check out our series of short cybersecurity training videos on our YouTube to stay on guard and prepared.