Cybersecurity Awareness Month (CAM) is a global initiative created by the U.S. Department of Homeland Security and the National Cyber Security Alliance to recognize the importance of digital security for both business and individuals. Now an internationally recognized campaign, CAM aims to spread awareness about the importance and urgency of cybersecurity.
As we look back on Cybersecurity Awareness Month, one thing is clear: Everyone has a part to play in creating a cyber safe workplace.
This year’s campaign theme from the Cybersecurity and Infrastructure Security Agency (CISA) — “See Yourself in Cyber” — underscored this idea. For cybersecurity leaders and end users alike, CISA emphasized that we should collectively focus on four key behaviors:
- Enabling multi-factor authentication
- Using strong passwords and a password manager
- Updating software
- Recognizing and reporting phishing
Lynne Wilson, VP of Information Technology, elaborates on the importance of these behaviors and why every employee counts when building a security-focused culture.
It Starts with Identity
It’s no surprise that multi-factor authentication and strong password hygiene are central themes of this year’s Cybersecurity Awareness Month Campaign. With the normalization of remote work and the widespread move to the cloud, the security perimeter is nearly impossible to define. In response, enterprises are shifting away from traditional perimeter security methods towards identify-focused technology and authentication.
As security leaders, it is important to not only establish a strong identity program, but also engage employees with ongoing training. Although end users might have a base-level understanding of identity, ongoing training and education can help ensure they do not fall prey to growing threats like MFA fatigue.
Keep reading: “See yourself in cyber” starts with identity
Building a Cyber Smart Enterprise
Although our industry has made the pivot shift where consumers care about what we do, getting complete understanding and buy-in across the enterprise remains a challenge. From top-level executives and board members down to everyday technology users, the rapid pace of change in the cyber landscape means that we must continually evolve our understanding and help others do the same.
Our CEO Robert Herjavec recommends several ways to increase cybersecurity awareness at all levels of the enterprise:
- Make a business case for cybersecurity when speaking to executives – how will it add value to the business, how will it help the customers?
- Make it easy for employees to follow cybersecurity basics by automatically enabling features like MFA and password managers
- Host ongoing educational sessions or lunch and learns to keep employees informed on common threats and the latest best practices
Tackling the Talent Challenge
The cybersecurity talent shortage will continue to be a problem, particularly as cyber threats increase in frequency and impact. While this problem can feel like a tremendous task to take on, there are digestible steps we as a cybersecurity community can take to address it.
In the short term, we need to comprehensively secure organizations against their growing attack surface and the constantly evolving threat landscape. In the long term, we as a cybersecurity community need to build a capable cybersecurity workforce that will develop an industry where cybersecurity professionals can thrive, grow and – most importantly – be a part of a team that has the capacity to meet the threat landscape without being overworked, underfunded, or burning out.
Dr. Kall Loper, Vice President of Digital Forensics and Incident Response, offers some recommendations for security leaders to build the cybersecurity talent of today and tomorrow:
- Consider job candidates who may not “tick all the boxes” but offer other valuable skills and show potential to learn
- Explore other communities or verticals to attract talent or mentor your staff
- Bring in an outside partner to supplement your existing team
Champion Cybersecurity Year Round
Cybersecurity is a continuous process, rather than an end state—and it takes a village to protect all of the constituents within an enterprise. If we all do our part by implementing stronger security practices, raising community awareness, educating vulnerable audiences, or training employees, our interconnected world will be safer and more resilient for everyone.
Take the first step in transforming your cybersecurity program
Enterprise security teams are adapting to meet evolving business needs. With six global Security Operations Centers, emerging technology partners and a dedicated team of security specialists, Cyderes is well-positioned to be your organization’s trusted advisor in cybersecurity. We’ll help you understand your risk exposure, increase your visibility and ROI, and proactively hunt for the latest threats.