Cybersecurity Awareness Month – Next Steps

Published by Joe D on

Were you aware that October was Cybersecurity Awareness Month, or previously known as National Cybersecurity Awareness Month? Did you also know that in 2021, Cybersecurity Awareness Month celebrated its 18th anniversary?


In 2004, the National Cybersecurity Alliance and the Department of Homeland Security CISA (Cybersecurity and Infrastructure Security Agency) adopted October as the month to raise awareness about the importance of cybersecurity and to make sure that organizations were prepared with the information necessary to appropriately protect information and infrastructure from cyber threats and attacks.


At the time of inception, these agencies recognized the growing cyber threats and knew the best defense was to arm the public with the information needed to raise awareness. Has this worked? Some may argue that, given the number of attacks and the damage caused by those attacks, that the public should be better prepared. On the other hand, consider the consequences of limited awareness or no awareness at all.


While we have made strides, there is still more work to be done. Cybersecurity awareness should not be contained to one month out of the year. The lessons learned and the attention placed on the month of October should be continued throughout the year. For example, the workforce at any organization should be made aware of evolving threats. Simulated phishing exercises should be conducted to train individuals on how to recognize a direct attack, whether that attack originates from a suspicious email or telephone call. The implementation of technology should continue to meet these evolving threats and vulnerabilities. At the moment, multi-factor authentication is one of the key controls that can be leveraged to prevent the theft of passwords and credentials.


At the end of the day, however, our best defense is an informed and trained public that is aware of these threats and understands how to prevent the unauthorized dissemination of sensitive personal and company information.

Categories: Uncategorized