October is over, but cyber security awareness should be a year-round concern
Most of you probably know or have at least heard of “No-Shave November,” even those of you who are pretty handy with a razor. Most fellows who gleefully participate probably aren’t even aware that the entire point of “Movember” is to raise awareness and support for various men’s health issues such as prostate cancer. Since we’ve firmly established that an entire month can go viral, however, here’s one worthy candidate: Cyber Security Awareness October.
Hosted by the Department of Homeland Security, the 11th annual National Cyber Security Awareness Month (NCSAM) closed on Halloween with the department’s admonition to “Become a Stop. Think. Connect. Campaign partner and keep your cybersecurity and safety efforts going throughout the year.” In fact, the campaign included a full calendar of activities, including “share a link to a cybersecurity video on social media” (October 14) and “e-mail a cybersecurity tip to your network” (October 21). The stated goal of the month is to raise awareness of cybersecurity and increase the resiliency of the nation in the event of a cyber-attack. The DOH NCSAM page states, “Since our way of life depends on critical infrastructure and the digital technology that operates it, cybersecurity is one of our country’s most important national security priorities, and we each have a role to play.”
The headlines of the past four or five years definitely vindicate DHS’s campaign. In 2014, victims of cybercrime lie everywhere on the threat spectrum, from celebrities with Apple iCloud accounts to home improvement superstore chain Home Depot. And while many cyberattacks amount to nothing more than temporary denial of service attacks, some are substantially more serious. In recent years, Sony and Citibank were both on the wrong side of attacks that cost them millions in lost revenue, and just this summer JPMorgan Chase had “gigabytes of data” stolen from its networks, raising concerns of fraud.
Hacker groups have been active in the 2010s as well: LulzSec is responsible for a notorious attack on the United States Senate, as strikes against the CIA and PBS websites, while Anonymous claims responsibility for a 2011 attack on the Egyptian government, as well as past incidents involving Visa, Mastercard, Paypal and a crippling attack 2011 against HBGary Federal that ended with CEO Aaron Burr’s resignation.
In an article published by Fortune in late April, Cisco Chief Security Officer John Stewart urged company executives and officers to take cyber security more seriously, saying that “it may sound a little passé, but every company … is now an IT company.” In keeping with the spirit of shared responsibility, he warned that if companies were not more proactive about their own security then it would eventually become mandated by law (though judging by attacks on the CIA and Senate, it’s difficult to be sure that would help). Steward also said that Tech Security still has a lot of room for growth, citing the developing Internet of Things specifically.
Though NCSAM is officially over, interested parties can still visit the main page, which includes a list of activities to try, as well as links to pages of security tips compiled for specific demographics. One can also visit the DHS “Stop.Think.Connect.” campaign here.