Microsoft cybersecurity awareness tips to empower your teams

October is Cybersecurity Awareness Month, and I’m excited about what Microsoft and our industry partners have planned to help everyone stay #CyberSmart. 2022 may have offered a reprieve from the previous year’s race to enable a remote and hybrid workforce, but the increased use of personal devices also left security professionals with even more endpoints to manage and protect. As illustrated by breaches such as the March 2022 attack on Shields Health Care Group1 that affected two million people and the April ransomware attack that became a national emergency for the Costa Rican government2, we all need to be cyber defenders to protect what matters.

Technology can only do so much; it is the people who continue to be our greatest strength. That’s why Microsoft is taking this opportunity during Cybersecurity Awareness Month to help security professionals educate their employees on the fundamentals highlighted by the National Cybersecurity Alliance, such as protecting their identities, updating their software and devices, and not falling victim to phishing schemes.3 Be sure to explore the resources and training opportunities on our Cybersecurity Awareness Month website, such as the #BeCyberSmart educational kit with assets to help people protect their data both at work and at home.

People have become the main attack vector for cyber attackers around the world, so now humans, rather than technology, pose the greatest risk to organizations.

—SANS Security Awareness Report 2022

Safety begins with awareness

In today’s limitless workplace, comprehensive security is essential. That kind of 360-degree protection requires education and awareness to safeguard identities, data, and devices. Awareness programs help security teams effectively manage their human risk by changing the way people think about cybersecurity and helping them practice safe behaviors. The SANS 2022 Security Awareness Report analyzed data from over a thousand security professionals around the world to identify how organizations are managing their human risk. The report found that more than 69 percent of security awareness professionals are part-time, meaning they spend less than half of their time on security awareness.

According to the SANS report, cybersecurity awareness professionals should strive to:

- Engage leaders by focusing on terms that resonate with them and demonstrate support for their strategic priorities. “Don’t talk about what you’re doing, talk about why you’re doing it.”
- Consider having a 10-to-1 ratio of technical security professionals to human-centric security professionals.
- Partner with other departments in the organization, such as communications, human resources, and business operations, to help engage and communicate with your workforce.
- Make the training easy to understand and follow. “Like exercising, the important thing is the frequency.”
- Spend time collecting data on the impact of your awareness programs.

It’s up to each of us to #BeCyberSmart

In 2022, the most common causes of cyberattacks remain malware (22%) and phishing (20%).4 Even with the rise of ransomware-as-a-service (RaaS) and other sophisticated tools, humans remain the most trusted and low-cost attack vector for cybercriminals worldwide. That’s why it’s vital that we all be informed about how to prevent violations and defend ourselves, both at work and at home.

Here are some basic steps we can all take to #BeCyberSmart:

Identity fraud: Deceptive emails, fake websites, fake text messages — these types of phishing scams accounted for 30 percent of attacks in 2021.5 During Terranova Security’s annual Gone Phishing Tournament last year, 19.8 percent of participants clicked the link in the phishing email, while 14.4 percent downloaded the fake document.6 So how can we avoid taking the bait?

- Check the sender’s email address for verifiable contact information. Common phishing prompts include a misspelled or unrelated sender address.
- If in doubt, do not answer. Instead, create a new email to reply to.
- Do not click on links or open email attachments unless you have verified the sender.
- For more tips, visit the Federal Trade Commission’s phishing site.

Devices and software: Unpatched and outdated devices and software are a primary access point for cybercriminals. That’s why practicing good cyber hygiene is so important to avoid destructive malware that can steal users’ personal information. To help keep your devices secure:

- Enable the lockdown feature on all your mobile devices.
- Turn on multi-factor authentication for your sensitive apps and accounts.
- Run antivirus software and install system updates right away.

Scams: Criminals will often contact you to “fix” a nonexistent problem. The email or text message will contain a sense of urgency, such as “Act now to prevent your account from being banned!” If you see this type of message, do not click the link. And always remember to report any suspected scams so the organization can take action. Some tips to remember:

- Be skeptical of unsolicited support calls or error messages asking for urgent action.
- Do not follow any instructions to download software from any third-party website.
- If in doubt, open a separate browser page and go directly to the company’s website.

Passwords: Passwords are our first line of defense against unauthorized access to accounts, devices, and files. However, the average person now has more than 150 online accounts; password fatigue is always a danger. Some tips on how to protect your passwords include:

Foster a more diverse cybersecurity workforce

As of April 2022, there are over 700,000 open cybersecurity positions in the United States, with a forecast that 3.5 million cybersecurity positions will be vacant worldwide by 2025.7 That’s why Microsoft continues to reach out to students, veterans, people re-entering the workforce, and anyone interested in becoming a cybersecurity advocate. This year for Cybersecurity Awareness Month, we’re also taking action on Microsoft’s initiatives to increase access to cybersecurity education and help close the workforce gap. In partnership with the Last Mile Education Fund, Microsoft aims to reach at least 25,000 students by 2025 with scholarships and additional resources related to cybersecurity pathways.

On October 7, 2022, we will once again host the Microsoft Student Summit, a virtual skills event designed to inspire higher education students toward a career in technology. This one-day event offers students the opportunity to interact with Microsoft’s student developer community, in hopes of providing inspiration and fueling a passion for innovation. We also continue to help students transition to real-world employment by offering learning sessions aligned to Microsoft certifications for security, compliance, and identity. Eligible students can take up to eight free foundational certification exams this academic year.

Helping to create the next generation of cybersecurity advocates is critically important, and we want to make sure the doors are open for everyone. That’s why we continue our partnership with Girl Security, helping to empower teen girls, women, and gender minorities by demystifying cybersecurity and building the skills required for employment. Microsoft is also partnering with other organizations to leverage the message of this moment in October 2022 to bring more women into the industry, with a Community College Pathways to Cybersecurity Success webinar with Women in Cybersecurity (WiCyS) and a virtual event with Executive Women’s Forum focused on cybersecurity careers at Microsoft.

We’re always working on new educational initiatives, so stay tuned to our security blog and look for updates on our cybersecurity education and awareness website.

Stay cyber smart all year

Cybersecurity Awareness Month is a special time for us as we collectively (industry, academia, and government) come together to promote the importance of a safe online environment. We know that cybercriminals are persistent and motivated, working all day, every day, with no days off. That is why we must work together on awareness and education throughout the year and build a culture of cyber defenders. Continue to visit our cybersecurity education and awareness website to learn more about Microsoft’s cybersecurity education programs and get our new cybersecurity education kit to use in your organization. Everyone has a role to play in cybersecurity, and when we learn together, we are safer together.

Learn more

Explore our best practices and educational resources with our cybersecurity awareness website.

For more information on Microsoft security solutions, visit our website. Bookmark the security blog to stay up to date with our expert coverage of security matters. Also, follow us @MSFTSecurity for the latest cybersecurity news and updates.

1. Shields Health Care Group data breach affects 2 million patients, Bill Toulas. June 7, 2022.

2. A massive cyberattack in Costa Rica leaves citizens injured, Carla Rosch. June 1, 2022.

3. National Cybersecurity Alliance.

4. Alarming Cyber Statistics for Mid-Year 2022 You Need to Know, Chuck Brooks. June 3, 2022.

5. Verizon 2021 Data Breach Investigation Report, Verizon. 2021.

6. Gone Phishing Tournament, Terranova Security.

7. Cybersecurity Jobs Report: 3.5 million openings in 2025, Cybersecurity Ventures. November 9, 2021.
