


Contributing Writer

Happy Cybersecurity Awareness Month!

Oct 03, 2012 | 2 mins
Cisco Systems | Cybercrime | Data and Information Security

Oh, you didn't know? You are not alone.

Did you know that October is national cybersecurity awareness month? If you didn’t, you are not alone. While you have to give credit to the SANS Institute and others for their effort here, few people outside the Beltway are aware of cybersecurity awareness month – let alone do anything about it.

To me, this is a real shame. The folks in Washington put on a party and no one from outside the area shows up. Heck, even the President gets involved. This is especially troubling due to the lack of cybersecurity awareness and knowledge among the working and general public.

Allow me to illustrate my point. Last year, ESG surveyed 244 security professionals working at enterprise organizations (i.e. more than 1,000 employees) and asked them a number of questions about APTs and other types of security threats and attacks. Within this survey, ESG asked security professionals to rate their organizations in a number of security skills and processes. We found that:

• 49% of organizations rate their non-IT employees’ general security knowledge as “fair” or “poor.”
• 55% of organizations rate their non-IT employees’ knowledge about APT concepts like social engineering as “fair” or “poor.”

So our employees haven’t a clue about good security behavior, but they aren’t alone. Alarmingly, 14% of organizations rated their security staff’s knowledge and skills around APTs as “fair” or “poor.”

You can’t get your driver’s license unless you know the rules of the road, but you are free to take tremendous risks with your organization’s assets if you don’t understand cybersecurity. That’s just crazy if you ask me.

As part of cybersecurity awareness month, CEOs, CIOs, and CISOs should email their entire organizations and tell them to peruse this web site: which is sponsored by the National Cyber Security Alliance.

As your local constable might tell you, ‘ignorance of the law is no excuse.’ It’s time to make sure that all employees and computer users realize that the Internet has become a very dangerous neighborhood and teach them how to avoid the multitudes of dark alleys and seedy con artists lurking around every corner.


Jon Oltsik is a distinguished analyst, fellow, and the founder of ESG’s cybersecurity service. With over 35 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies. Jon focuses on areas such as cyber-risk management, security operations, and all things related to CISOs.
