Oh, you didn't know? You are not alone.

Did you know that October is national cybersecurity awareness month? If you didn’t, you are not alone. While you have to give credit to the SANS Institute and others for their effort here, few people outside the Beltway are aware of cybersecurity awareness month – let alone do anything about it.

To me, this is a real shame. The folks in Washington put on a party and no one from outside the area shows up. Heck, even the President gets involved. This is especially troubling given the lack of cybersecurity awareness and knowledge in the workforce and the general public.

Allow me to illustrate my point. Last year, ESG surveyed 244 security professionals working at enterprise organizations (i.e., more than 1,000 employees) and asked them a number of questions about APTs and other types of security threats and attacks. Within this survey, ESG asked security professionals to rate their organizations in a number of security skills and processes. We found that:

• 49% of organizations rate their non-IT employees’ general security knowledge as “fair” or “poor.”
• 55% of organizations rate their non-IT employees’ knowledge about APT concepts like social engineering as “fair” or “poor.”

So our employees haven’t a clue about good security behavior, but they aren’t alone. Alarmingly, 14% of organizations rated their security staff’s knowledge and skills around APTs as “fair” or “poor.”

You can’t get your driver’s license unless you know the rules of the road, but you are free to take tremendous risks with your organization’s assets if you don’t understand cybersecurity. That’s just crazy if you ask me.

As part of cybersecurity awareness month, CEOs, CIOs, and CISOs should email their entire organizations and tell them to peruse this web site: http://www.staysafeonline.org/ncsam, which is sponsored by the National Cyber Security Alliance.

As your local constable might tell you, ‘ignorance of the law is no excuse.’ It’s time to make sure that all employees and computer users realize that the Internet has become a very dangerous neighborhood and teach them how to avoid the multitudes of dark alleys and seedy con artists lurking around every corner.