October is Cybersecurity Awareness Month with the 2022 campaign's overarching theme of “See Yourself in Cyber.”
Each fall the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) lead a collaborative effort between government and industry leaders to raise cybersecurity awareness nationally and internationally.
“The month is dedicated to creating resources and communications for organizations to talk to their employees and customers about staying safe online,” says the NCA.
Why We Need a Cybersecurity Awareness Month
Cybersecurity Awareness Month has taken on an increasingly important role as online threats to technology and confidential data have become commonplace.
CyberCrime Magazine reported in 2020 that cybercrime was growing at a clip of 15 percent per year and could cost the world a staggering $10.5 trillion annually by 2025.
And Statista reported last month that the average cost of a data breach in the United States from 2006 to 2022 had almost tripled from $3.43 million to $9.44 million.
Cybersecurity Does Not Need to Be Complex
The 2022 Cybersecurity Awareness Month campaign theme demonstrates that ultimately staying safe online is really about people and does not need to be a complex subject.
“This October will focus on the “people” part of cybersecurity, providing information and resources to help educate CISA partners and the public, and ensure all individuals and organizations make smart decisions whether on the job, at home or at school – now and in the future,” said the CISA in the Cybersecurity Awareness Month release.
Key messaging for the 2022 Cybersecurity Awareness Month theme includes:
- See Yourself Taking Action to Stay Safe Online: Individuals and families are encouraged to enable basic cyber hygiene practices such as:
o Updating software
o Thinking before clicking
o Using good, strong passwords or a password keeper
o Enabling multi-factor authentication on all sensitive accounts
- See Yourself Joining the Cyber Workforce: Leaders want to build a cybersecurity workforce that is bigger, more diverse, and dedicated to solving the problems that will help keep Americans and U.S. businesses safe.
- See Yourself as Part of the Solution: Businesses must put operational collaboration into practice, working together to share information in real-time, reduce risk and build resilience from the start to protect America’s critical infrastructure and the systems that Americans rely on every day.
“While most of the cybersecurity news articles are about massive data breaches and hackers, it can seem overwhelming and feel like you’re powerless against it,” said the NCA. “But Cybersecurity Awareness Month reminds everyone that there are all kinds of ways to keep your data protected.
The History of Cybersecurity Awareness Month
The President of the United States and Congress first declared October to be Cybersecurity Awareness Month in 2004.
“Now in its 19th year, Cybersecurity Awareness Month continues to build momentum and impact,” said the NCA.
The first Cybersecurity Awareness Month was launched by NCA and the U.S. Department of Homeland Security’s National Cyber Security Division in 2004 – just about 15 years after the “World Wide Web” was born and the modern internet age was launched.
“When National Cybersecurity Awareness Month first began, the awareness efforts centered around advice like updating your antivirus software twice a year to mirror similar efforts around changing batteries in smoke alarms during daylight savings time,” the NCA said in a 2019 SecureWorld article.
The SecureWorld article says the impetus behind the U.S. government starting the annual Cybersecurity Awareness Month was “Titan Rain, a designation that the U.S. government gave a series of coordinated attacks on American computer systems starting in 2003.”
“The month has grown in reach and participation. Operated in many respects as a grassroots campaign, the month's effort has grown to include the participation of a multitude of industry participants that engage their customers, employees, and the general public in awareness, as well as college campuses, nonprofits, and other groups,” said the NCA.
The Cost of Cyber Attacks on Small Businesses
The CISA reported in 2022 that, “every organization in the United States is at risk from cyber threats that can disrupt essential services and potentially result in impacts to public safety.”
Businesses face significant financial loss when a cyberattack occurs, and small businesses are not immune to attacks.
“Cybercrime is growing as use of the internet and business networks expand. Today, more than ever, businesses of all sizes rely on their networks, data, and internet connectivity to conduct business,” says the Small Business Innovation Research (SBIR) and Small Business Technology Transfer (STTR) programs.
The National Small Business Association (NSBA) found that “half of all small businesses report they have been the victim of a cyberattack … among those who were targeted, 68 percent reported being a cyber victim more than just once.”
The SBIR / STTR says that “by themselves, individual small businesses may not appear to present an overly attractive target. However, collectively small businesses are a very lucrative target set due to the collective economic impact of small business.”
According to the Small Business Administration (SBA), small businesses make up:
- 99.7 percent of U.S. employer firms
- 63 percent of net new private sector jobs
- 48.5 percent of private sector employment
- 42 percent of private sector payroll
- 46 percent of private sector output
“Small business attacks are increasing because they present cybercriminals with an easy way to gain access to customer credit card records and bank accounts, supplier networks, and employee financial and personal data. Smaller companies tend to have weaker online security. They’re also doing more business than ever online via cloud services that perhaps don’t use strong encryption technology,” said the SBIR / STTR.
Andrew Rinaldi writes that recent studies show that the average cost of a data breach to small businesses can range from $120,000 to $1.24 million.
“The true cost of a data breach isn’t always immediately known. Expenses can be spread out over time, with about one-third of the expenses becoming apparent the first year following the breach,” said Rinaldi in Business.com.
4 Things You Can Do to Enhance Cybersecurity
The NCA says it can make a huge difference even by practicing the basics of cybersecurity.
For October Cybersecurity Awareness Month, the CISA and NCA say there are 4 things you can do to enhance cybersecurity:
- Think Before You Click: Recognize and report phishing attempts. CISA and NCA say that if a “link looks a little off, think before you click” as it could be an attempt to get sensitive information or install malware.
- Update Your Software: Some messages never get old, and all software should be promptly updated. Your best bet is to enable automatic updates for your software.
- Use Strong Passwords: ABC123 will not cut it! Use passwords that are long, unique, and randomly generated. Password managers can help you generate and remember complex passwords for each of your accounts.
- Enable Multi-Factor Authentication: Enabling multi-factor authentication will make it significantly less likely that you will get hacked.
“As the threat of malicious cyber activities grows, we must all do our part to keep our Nation safe and secure,” said President Joe Biden in his Cybersecurity Awareness Month 2022 proclamation.
