October Is National Cybersecurity Awareness Month

Now in its 17th year, the Cybersecurity Infrastructure and Security Agency’s (CISA) National Cybersecurity Awareness Month (NCSAM) continues to raise awareness about the importance of cybersecurity across our nation, ensuring that all Americans have the resources they need to be safer and more secure online.

We are kicking off our support for this critical initiative by starting with probably the most important area of defense against cyber-crime—security awareness at the people level. Maintaining a secure business and personal environment comprises three fundamental components: people, process and technology. The US Department of Homeland Security insists that protecting the workplace is everyone’s responsibility. However, to do your part, being security aware is critical.

Social engineering has been the culprit of some of the most catastrophic data breaches in recent times (e.g., US Power Grid, Target, Sony Pictures, and J.P. Morgan Chase). Certainly, during the COVID-19 pandemic, the following are some startling (but not surprising) statistics:

• According to the FBI, cyber-crime was up 300% back in June. Other resources currently indicate that the pandemic has elevated that to as high as 600%.
• Also according to the FBI, phishing kit purchases on the dark web are up 62%.

Phishing is the social engineering tactic of malicious actors creating false emails, web pages, and social media pages to trick users to click on a link or download a file that contains a payload of malware or ransomware. The following are other types of social engineering tactics:

• Phishing: Baiting email recipients with malicious links and attachments
• Smishing: Baiting email recipients with malicious links though text messages
• Vishing: Baiting recipients through phone scams and/or VoIP
• Whaling: Targeting a high-level company executive through detailed reconnaissance by hackers via social media and company websites
• Spear-phishing: Spear-phishing is where an attacker spoofs an internal email address and then targets a known end-user within the organization.
• Business Email Compromise (BEC): In the case of BEC, the attacker also spoofs the company email address schema, but then uses it to attack outside recipients under the auspices of the company—potentially discrediting the brand and causing tremendous damage to their reputation.

So, “Do Your Part. #BeCyberSmart.” If you are connecting a device, be sure what you are connecting to is secure. If you are downloading an app, take the time to read the terms and conditions and privacy statements—and always download apps from a trusted source (not an email). Most importantly, monitor your child’s email and internet activity, and teach them good habits such as being aware of social engineering tactics. There is good reason to be wary that so many youths are addicted to apps like TikTok. You can learn more about how to protect yourself, your family and your business at the CISA website.

To get involved with the National Cybersecurity Association and NCSAM, click here.