Cybersecurity Awareness Month this October is a chance for organizations to dedicate resources and communications to help keep their customers and employees safe online.
“During Cybersecurity Awareness Month, we highlight the importance of safeguarding our Nation’s critical infrastructure from malicious cyber activity and protecting citizens and businesses from ransomware and other attacks,” said President Joe Biden in his Sept. 30 proclamation on Cybersecurity Awareness Month 2022. “We also raise awareness about the simple steps Americans can take to secure their sensitive data and stay safe online.”
Each October the National Cybersecurity Alliance (NCA) and the Cybersecurity and Infrastructure Security Agency (CISA) promote a collaborative effort between government and industry key players to raise cybersecurity awareness, both at home and abroad.
2022 Cybersecurity Awareness Month Theme: See Yourself in Cyber
The Cybersecurity Awareness Month 2022 campaign theme is “See Yourself in Cyber.”
“This year’s campaign theme — ‘See Yourself in Cyber’ — demonstrates that while cybersecurity may seem like a complex subject, ultimately, it’s really all about people,” said CISA. “This October will focus on the ‘people’ part of cybersecurity, providing information and resources to help educate CISA partners and the public, and ensure all individuals and organizations make smart decisions whether on the job, at home or at school – now and in the future.”
The NCA says that headlines about massive data breaches, ransomware, and hacks can make cybersecurity seem like an overwhelming issue that the average person is powerless to confront, but in truth “it’s easy to stay safe online.”
“Cybersecurity Awareness Month reminds everyone that there are all kinds of ways to keep your data protected. It can make a huge difference even by practicing the basics of cybersecurity,” said the NCA.
Focus of Cybersecurity Awareness Month is on 4 Key Behaviors
The focus for Cybersecurity Awareness Month 2022 is on four key behaviors:
- Enabling multi-factor authentication
- Using strong passwords and a password manager
- Updating software
- Recognizing and reporting phishing
“Everyone has a right to a safe internet, so let’s remember to #BeCyberSmart,” said the NCA.
CISA explained actions for the four key behaviors:
See Yourself Taking Action to Stay Safe Online: Employees and customers are encouraged to follow basic cyber hygiene practices such as:
- Updating software
- Thinking before clicking
- Using good, strong passwords or a password keeper
- Enabling multi-factor authentication on all sensitive accounts
See Yourself Joining the Cyber Workforce: Leaders want to build a cybersecurity workforce that is bigger, more diverse, and dedicated to solving the problems that will help keep Americans and U.S. businesses safe.
See Yourself as Part of the Solution: Organizations must put operational collaboration into practice, working together to share information in real-time, reduce risk and build resilience from the start to protect America’s critical infrastructure and the systems that Americans rely on every day.
Cybersecurity Awareness Month More Important Each Year
The need for Cybersecurity Awareness Month has grown exponentially in importance since it was started in 2004, as breaches and hacks have become more commonplace.
“Unfortunately, despite global efforts, every subsequent year the numbers get worse and show that we are far from being able to mitigate and contain the numerous cyber-threats targeting both industry and government,” wrote Chuck Brooks in Forbes in June 2022.
ThoughtLab studied the security practices and performance of 1,200 large organizations across 14 different sectors and 16 countries and found that the number of material breaches suffered rose by 20.5 percent from 2020 to 2021.
Cybersecurity budgets, as a percentage of firms’ total revenue, jumped 51 percent as cybersecurity “became a strategic business imperative, requiring CEOs and their management teams to work together to meet the higher expectations of regulators, shareholders, and the board.”
Cyberattacks Expected to Get Worse in Next 2 Years
The worst may be yet to come as security executives told ThoughtLab they expect an increase in attacks over the next two years from social engineering and ransomware as nation-states and cybercriminals become more prolific.
Executives polled anticipate that these attacks will target weak spots primarily caused by:
- Software misconfigurations (49 percent)
- Human error (40 percent)
- Poor maintenance (40 percent)
- Unknown assets (30 percent)
Despite the looming threats, almost a third (29 percent) of CEOs and CISOs and 40 percent of chief security officers said their “organizations are unprepared for a rapidly changing threat landscape.”
The top reasons for this lax cybersecurity prep included:
- Complexity of supply chains (44 percent)
- Fast pace of digital innovation (41 percent)
- Inadequate cybersecurity budgets (28 percent)
- Lack of executive support (28 percent)
- Convergence of digital and physical assets (25 percent)
- Shortage of talent (24 percent)
Healthcare, the public sector, telecoms, and aerospace and defense industries all ranked high among those organizations lacking complete cybersecurity protection.
“Cyberattacks affect our day-to-day lives, our economy, and our national security. By destroying, corrupting, or stealing information from our computer systems and networks, they can impact electric grids and fuel pipelines, hospitals, police departments, businesses and schools, and many other critical services that Americans trust and rely on every day,” said Biden.
Recent reports put cybercrime at a $10.5 trillion drain on the world’s economy by 2025 with the average cost of a data breach in the United States now almost $10 million.
Cybercriminals Target Small Businesses
While much of the attention on cybercrime goes to critical government infrastructure and costly data breaches at large companies, the reality is that small businesses are three times more likely to be targeted by cybercriminals than larger companies, according to a new study.
“Between January 2021 and December 2021, researchers at cloud security company, Barracuda Networks, analyzed millions of emails across thousands of companies. They found that, on average, an employee of a small business with less than 100 employees will experience 350 percent more social engineering attacks than an employee of a larger enterprise,” reported Forbes in March 2022.
The report found that CEOs and CFOs were twice as likely to be the target of cybercriminals as average employees.
“Once they have access, cybercriminals use these high-value accounts to gather intelligence or launch attacks within an organization,” wrote Edward Segal for Forbes.
The report also noted that “Executive assistants are also a popular target as they often have access to executive accounts and calendars and usually can send messages out on behalf of executive teams.”
Small businesses, already facing unprecedented challenges from the pandemic, supply chain issues, and rising inflation, also saw an increasing number of cyberattacks, according to Tech Republic.
“Small businesses often have fewer resources and lack security expertise, which leaves them more vulnerable to spear-phishing attacks, and cybercriminals are taking advantage,” Don MacLennan, Barracuda’s senior vice president of engineering and product management, email protection, told Forbes. “That’s why it’s important for businesses of all sizes not to overlook investing in security, both technology, and user education. The damage caused by a breach or a compromised account can be even more costly.”