
4 Steps to Better Cybersecurity Awareness

Oct. 9, 2023
October is Cybersecurity Awareness Month, and a good time for organizations to assess and refine their approaches to cybersecurity.


After setting an all-time high of 1,862 data compromises in 2021, bad actors took their foot off the gas a bit in 2022 and pulled off 60 fewer events than that record number. Still, 1,802 compromises took place last year, including 1,774 data breaches, 18 data exposures and 10 “unknown” compromises. In total, more than 422 million victims fell prey to cybercrimes during that 12-month period.

“Regardless of an organization’s size, everyone is vulnerable to cyberattacks and data breaches,” the University of Delaware points out. “Every day, cybercriminals come up with new and creative ways to steal private or sensitive information that they can then leverage for money.”

This year is no different. Through July 2023, there have already been 694 data breaches and multimillions of records breached. Healthcare and education tend to be the biggest targets, but any organization that stores, manages and uses data may be vulnerable to these bad actors.

Knowing this, the Cybersecurity and Infrastructure Agency (CISA) and the National Cybersecurity Alliance have dedicated October as “Cybersecurity Awareness Month.” The goal of the program is to bring attention to the fact that 1) cybercrimes are becoming more sophisticated and widespread; and 2) there are steps that organizations, governments and individuals can take to avoid becoming victims of these attacks.

Taking Control of the Situation

A government-private industry collaboration, Cybersecurity Awareness Month is all about raising awareness regarding digital security and empowering everyone to protect their personal data from digital forms of crime. The Cybersecurity and Infrastructure Agency (CISA) and the National Cybersecurity Alliance partner to create resources and communications for organizations to talk to their employees and customers about staying safe online.

“While most of the cybersecurity news articles are about massive data breaches and hackers, it can seem overwhelming and feel like you’re powerless against it,” the groups say. “But Cybersecurity Awareness Month reminds everyone that there are all kinds of ways to keep your data protected. It can make a huge difference even by practicing the basics of cybersecurity.”

This year marks Cybersecurity Awareness Month’s 20th anniversary and the theme for 2023 is “Secure Our World.” Cybersecurity Awareness Month 2023 and Secure Our World will focus on these key behaviors: using strong passwords and a password manager; turning on multifactor authentication; recognizing and reporting phishing; and keeping your software updated.

4 More Year-Round Cybersecurity Tips

Here are four more steps you can be taking year-round to ensure the highest possible levels of cybersecurity:

1) Develop creative, complex passwords. No matter what accounts they protect, all passwords should be created with these three guiding principles in mind, according to CISA and the National Cybersecurity Alliance:

  • Long – All passwords should be at least 12 characters long.
  • Unique – Each account needs to be protected with its own unique password. Never reuse passwords. This way, if one of your accounts is compromised, your other accounts remain secured.
  • Complex – Each unique password should be a combination of uppercase letters, lowercase letters, numbers and special characters (like >, !, ?).

2) Use artificial intelligence to enhance security. Email attacks are becoming increasingly difficult to detect, especially as more cybercriminals begin to weaponize generative AI to craft unique and personalized messages that no longer include the telltale grammar and syntax mistakes of the past, according to SC Media. “Instead of relying on looking for known indicators of compromise, products that leverage behavioral data science and AI can profile and baseline good behavior to detect anomalies—even among socially-engineered emails that appear highly legitimate.”

3) Get executive leadership onboard. Infosecurity Magazine says the most important aspect of security culture is for C-suite executives to set the tone for the rest of the organization. “Employees must understand that they all have a role in mitigating risks and maintaining their organization’s security resilience,” it adds. “A strong message from the CEO at an organization’s town hall can emphasize the significance of security awareness training and how cybersecurity affects the goals and operations of the organization.”

4) Practice “security hygiene.” Do employees at all levels know how to report phishing appropriately? And if so, how often do they do it? “Using questions like these as metrics will help paint a picture of how top-of-mind security is for employees, let security leaders know how often training needs to be performed to mold best practices and bring clarity to the strengths and weaknesses of an organization’s security culture,” Infosecurity Magazine advises. You can also use “tabletop exercises” to simulate real-world cyber incidents and to identify flaws or weaknesses. Use the results of those exercises to adjust your cybersecurity strategies accordingly.


About the Author

Bridget McCrea | Contributing Writer | Supply Chain Connect

Bridget McCrea is a freelance writer who covers business and technology for various publications.