Celebrate 20 Years of Cybersecurity Awareness Month and Let’s Secure Our World Together
Blog Article Published: 10/20/2023
Originally published by Microsoft Security.
Written by Vasu Jakkal, Corporate Vice President, Security, Compliance, Identity, and Management.
This year marks the twentieth anniversary of Cybersecurity Awareness Month, when we partner with the National Cybersecurity Alliance, the United States Cybersecurity and Infrastructure Security Agency (CISA), and organizations around the world to amplify the importance of cybersecurity best practices and how to be cybersmart. This moment started as a United States national awareness initiative and has grown into a global one. Rightfully so: with a worldwide skills gap of 3.4 million cybersecurity workers and the increasing sophistication of cyberthreats, security professionals are overloaded and often do not have the time to educate their organizations on how to stay secure. Given this, we are delighted to help the present and future generations of cyber defenders with educational tools to stay safe.
Why is cybersecurity awareness and education critical?
To understand the importance of exercising cybersecurity awareness with your entire organization, consider these stats:
- The average cost of a data breach in 2022 was USD4.35 million.
- The median time for an attacker to access your private data through a phishing email is 1 hour and 12 minutes.
- 15 percent of lifestyle apps are malicious.
- There are 4,000 password attacks per second.
As security awareness is ultimately about managing human risks, companies can go a long way by offering cybersecurity educational and skilling resources. For example, multifactor authentication can prevent 99.9 percent of attacks on accounts and it starts with educating our teams about the importance of multifactor authentication.
An example of a best practice for cybersecurity awareness is the Campari Group, where the security team adopted a structured approach to educate the rest of the company on cyber defense. Every new employee receives a welcome email that provides practical information and resources about the company’s cybersecurity policies and training so they can help manage threats from the first day on the job. This is in addition to a series of monthly security awareness campaigns.
Here are some of the key areas where we are focused on educating users this month—and all year round—that you can explore more by downloading our Be Cybersmart Kit.
Protect your devices
It is vital to protect your internet-connected devices by keeping your software current with the latest security updates. To help keep your devices safe:
- Set up automatic updates to make the process smoother and decrease the risk from ransomware and malware.
- Carefully check privacy and security settings to ensure they’re set to your desired level of information-sharing any time you sign up for a new account, download an app, or acquire a new device.
Passwordless is the key
Hackers don’t break in—they sign in. So a good way to protect one of attackers’ most common entry points is by going passwordless with authentication solutions. For when passwords are needed, there are a few steps you can take to be safer:
- Use your browser’s password generator to create stronger passwords.
- Length—at least 12 characters—matters more than complexity, and a password manager can help you keep track.
Multifactor authentication is a must-have
Multifactor authentication can prevent 99.9 percent of attacks on your accounts by offering stronger security than relying solely on passwords. Check your devices, apps, and account settings to enable multifactor authentication, such as two-step authentication or biometrics.
Phishing only works if you take the bait
1 hour and 12 minutes is the average time for an attacker to access your private data if you fall victim to a phishing email. Complacency can lead to clicking on a malicious link in an email, phone message, or social post. So, how can we avoid taking the bait?
- Check the sender’s email address for verifiable contact information and phishing tip-offs such as an unrelated sender address. If in doubt for any reason, do not reply.
- Don’t click on links or open email attachments unless you have verified the sender.
Security is important for every customer size
While following security best practices goes a long way toward keeping your employees, customers, and data safe, we know this effort takes a village and should permeate organizations of all sizes. Small and medium businesses face an even more challenging landscape—increasing cyberthreats, along with a lack of sophisticated security solutions and limited security staff, making them particularly vulnerable. In 2021 for example, 82 percent of ransomware attacks targeted small businesses, with the total cost of these cybercrimes reaching USD2.4 billion.
You can find many more best practices and educational resources for organizations of all sizes on our cybersecurity awareness website, including infographics to share with your organization on how to be cybersmart regarding phishing, scams, passwords, and devices.
Celebrate cybersecurity awareness all year round
Cybersecurity Awareness Month holds special significance globally as it brings together industry, academia, and government with a united mission to keep our users safe. However, as I have said before, it is vital that we implement cybersecurity awareness and education all year round.
Cybersecurity Awareness Month is more than an opportunity to refresh your cybersecurity savvy and learn new security skills. It’s a reminder of how collectively we can achieve more and make the world a safer place. Explore our Cybersecurity Awareness Month resources, including learning paths, certification opportunities, and the latest threat intelligence insights and cybersecurity innovations. Happy Cybersecurity Awareness Month!