October is National Cyber Security Awareness Month! We’ve seen some very high-profile data breaches recently, so the timing is better than ever.
The Department of Homeland Security labels October as National Cyber Security Awareness Month. This is an annual campaign designed to spread knowledge of the topic. The goal is to raise awareness about cyber threats and preparation methods to best protect individuals and their companies.
2017 comes on the heels of major data breach announcements from Equifax, Deloitte and the Securities and Exchange Commission, making 2016 the worst year on record for cyber security incidents. The resulting news coverage and focus on cyber education should surely bring an improvement to the cyber security environment right? Wrong. This year is on track to top 2016 as the worst year for cyber security incidents on record.
Recently, these high-profile attacks have dominated the news cycle everywhere you look. The hack to Equifax exposed personal information of more than 143 million consumers. What’s so troubling about this hack is that this company and the other two major credit bureaus maintain highly confidential financial and personal data on the individuals in their databases. A person does not need to be an actual customer of a credit bureau to have been exposed, because these companies assemble information on all consumers based on their credit activity. Equifax’s has not handled their response to this well, resulting in the “retirement” of several senior executives.
In the case of the Deloitte breach, the firm has confirmed confidential documents and emails were stolen from the corporate network, and it could have easily been prevented! The lack of two factor authentication allowed the hackers to access the network with just a username and password. This is such an easy attack vector to counter and unacceptable practice. Google, Microsoft and most social media networks offer 2FA support, leaving no excuse.
In the SEC hack, hackers accessed the electronic system known as EDGAR, which stores information related to public company filings. With this knowledge, hackers then most likely used the information to profit from trading in the public stock exchanges. According to the chairman of the SEC, the agency does not yet know the full extent of this hack.
With all this, and more, as a backdrop, this year’s National Cyber Security Month is focusing on the following themes:
- Simple steps to online safety: Helping consumers understand the threats and how to protect themselves, including what to do if they become a victim of cyber-crime.
- Cyber security in the workplace is everyone’s business: Enhancing corporate cultures of cyber security, how to educate employees and the use of the National Institute of Standards and Technology Cybersecurity Framework to protect your company.
- Today’s predictions for tomorrow’s internet: This will focus on smart technology and what is known as the Internet of Things (IoT) and the importance of safeguarding their use in our homes and society at large.
- The internet wants you: Consider a career in cybersecurity – Most schools today focus on software coding, when it comes to technology career tracks. Cybersecurity represents a massive career opportunity for those seeking a meaningful role safeguarding our national economy. It’s critical that we educate our middle and high schoolers on this critical need and opportunity.
- Protecting critical infrastructure from cyber threats: I’m sure you have seen or read news stories on the risks to our financial networks, power grid and other public utilities. Consider the catastrophe unfolding in Puerto Rico right now from Hurricane Maria. Resiliency of our critical infrastructure is more important than ever, in the face of changing weather patterns and the persistent cybersecurity threat.