Based on recent research, improving cybersecurity awareness among business executives, CIOs, and, yes, infosec professionals should be a goal for any organization.

Are you aware that October is national cybersecurity awareness month? If you aren’t, you’re not alone. There are lots of cybersecurity awareness activities in DC, some states, and universities, but it’s all but ignored by the industry at large. Want proof? Look at the homepages of the biggest cybersecurity vendors in the industry. Do you see a word about cybersecurity awareness month?

To me, this is a crying shame. Almost all US citizens interact with the internet every day and need to better understand the associated risks so they can make educated decisions online. This education could be a collective benefit for all of us.

Allow me to offer a few suggestions for actions to take this month, based on research from my employer ESG and the Information Systems Security Association (ISSA).

1. Boost business executives’ awareness of cyber risks.

According to that research, 23% of infosec pros say one of their biggest challenges is that business managers don’t understand or support an appropriate level of cybersecurity at their organization. This is hard to believe in 2019, but too many CEOs and corporate boards still think that their organizations aren’t attractive targets, so they see no need to invest in strong cybersecurity. This is simply head-in-the-sand behavior. Responsible executives owe it to their shareholders, customers and employees to further educate themselves on cyber risk and include cybersecurity as part of overall risk management strategies. Hey, October 2019 is a great time to start. Eventually, strong cybersecurity will be an organizational requirement. Laggards will be digital pariahs, mark my word.

2. Align cybersecurity awareness with new technology initiatives.
Thirty-nine percent of cybersecurity professionals say the most stressful aspect of their job is finding out about IT initiatives with no security oversight. In other words, IT teams go build and buy new applications for things like digital transformation and don’t get the cybersecurity team involved during the design, planning or development phases of these projects. This situation is ripe for change. During October, IT teams should bolster their cybersecurity awareness so that they understand new project risks and can bake security into development rather than bolt it on later. This can help improve security and decrease costs.

3. Get cybersecurity professionals the training they need.

Ninety-three percent of cybersec pros agree that they need continuous training to keep up with the latest threats, yet 66% admit that they can’t keep up with training due to the demands of their day-to-day jobs. Wow, there’s a lot of cybersecurity awareness to go around here! CISOs must be aware of this training gap and find ways to free up staff from daily drudgery so they have ample time for continuous education. As for cybersecurity professionals themselves, they should be aware that without ongoing cybersecurity knowledge improvement, they risk becoming dinosaurs. For them, improved cybersecurity awareness should be a daily goal.

A long time ago, the tagline for my blog read: ‘Cybersecurity: it’s way worse than you think.’ Unfortunately, this soundbite is truer today than it was in the past. It’s time we stopped treating cybersecurity awareness month like a federal boondoggle and started an honest, concerted effort to truly educate the public and make measurable progress on cybersecurity awareness every October. The world would be a better place if we did.