Cybersecurity is never far from the headlines, whether that’s in data breaches like the one that Equifax suffered or ransomware attacks that hold files hostage. It can all seem a bit overwhelming, but there are plenty of tools and resources businesses can tap to enhance their cybersecurity defenses.
This month, expect to hear a lot about them. The Department of Homeland Security and the National Cyber Security Alliance (NCSA), a public-private partnership, have for the past 14 years been using October to annually mark National Cyber Security Awareness Month (CSAM). The month’s core message, according to the alliance, is that “the internet is a shared resource and securing it is our shared global responsibility.”
For businesses in particular, the NCSA says that the top threats they face include ransomware attacks, Internet of Things (IoT) vulnerabilities and insider attacks. In addition to defending against those dangers, businesses must confront emerging ones, including from artificial intelligence and the growing interdependence between different kinds of data, according to Michael Kaiser, NCSA’s executive director.
Explore Multiple Facets of Cybersecurity
The month is broken down into weeks, each with its own theme that DHS, the NCSA and its partners will highlight with events and advice. Here is a quick breakdown:
- Week 1: Oct. 2-6 — Simple Steps to Online Safety
This week will highlight how businesses and citizens can take simple steps to improve cybersecurity. The alliance will promote its “Stop. Think. Connect.” campaign to encourage users to stop and make sure security measures are in place, think about the consequences of their actions and behaviors online, and still connect with and enjoy the internet. The week will spotlight the top cybersecurity concerns for consumers, provide simple steps to protect against these concerns and explain how consumers can respond if they fall victim to a cybercrime.
- Week 2: Oct. 9-13 — Cybersecurity in the Workplace Is Everyone’s Business
This week will focus on why every organization, large or small, needs a plan for employee education, training and awareness that emphasizes risk management, resistance and resilience. The week will showcase how businesses can protect themselves, their employees and customers against common cybersecurity threats. It will also promote resources that can help organizations strengthen their IT security resilience, such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
- Week 3: Oct. 16-20 — Today’s Predictions for Tomorrow’s Internet
The third week of the month will explore how the Internet of Things presents both new opportunities and new threats. Personal data is the fuel that makes smart devices work, the alliance notes, and it is critical to understand how to use cutting-edge technology in safe and secure ways.
- Week 4: Oct. 23-27 — The Internet Wants You: Consider a Career in Cybersecurity
According to a study released earlier this year by the Center for Cyber Safety and Education, by 2022, there will be a shortage of 1.8 million information security workers. The alliance will use this week to encourage students and professionals to explore cybersecurity as a viable and rewarding profession.
- Week 5: Oct. 30-31 — Protecting Critical Infrastructure from Cyber Threats
The last few days of the month will focus on how to build resilience into critical infrastructure, including electric grids, utilities, financial systems and transportation networks. The theme of this week transitions into Critical Infrastructure Security and Resilience Month in November, highlighting the tie between cybersecurity and the country’s critical infrastructure.
Feds Push Ahead on Cybersecurity Efforts
President Donald Trump issued a proclamation on CSAM and noted that his executive order on cybersecurity is designed to “help secure Federal networks that operate on behalf of American citizens, improve coordination with industry to protect the critical infrastructure that maintains our American way of life, strengthen our cyber deterrence posture, and promote the development of a highly capable and sustainable cybersecurity workforce.”
The executive order, which the administration released in May, takes a risk management approach to cybersecurity and will force agencies to better understand their IT assets and data. The order is focused “on the critical aspects of the way cyber is underpinning the national security, the economic well-being and the health of the nation,” according to Rob Joyce, the White House’s cybersecurity coordinator. It is organized around four major pillars: federal cybersecurity; protecting critical infrastructure; the international norms, deterrence and relationships needed for a healthy cybersecurity ecosystem; and developing a stronger federal cybersecurity workforce.
DHS says that its Cyber Security Division “will be sharing helpful cyber tips” throughout the month to help citizens become more #CyberAware and safe. DHS is also hosting numerous events throughout the month on cybersecurity.
Federal agencies, like businesses, need to commit to “maintaining and modernizing” IT to keep it secure, Kaiser says. That’s “probably a place where more work needs to be done.”
To help with that work, in September the Senate included the Modernizing Government Technology Act as part of a third set of amendments to the annual Defense Authorization bill. It is unclear if the MGT Act will be included in the final version of the bill. The MGT Act would allow agencies to put money they have saved with IT into working capital funds, which can be accessed for up to three years, to fund future efforts to modernize technology.