Spanning global businesses and entire economies, to local communities and individuals, cybercrime affects users at all levels. While cyber threats take on varying forms and degrees of severity, what’s clear is how much these risks have grown in recent years. Consider that:
The average data breach cost organizations an average of $4.45 million USD
72.7% of global businesses were affected this year by ransomware attacks
Phishing remains a top threat with approximately 8 billion spam emails sent within the the U.S. alone
So far in 2023, over 5.7 million mobile malware and adware attacks have targeted smartphone users
Identity fraud occurs every 22 seconds and more than one-third of Americans have faced identity theft in their lifetime, with that rate set to increase
The need for digital security has become an undeniable aspect of daily life. Building a safer online experience for all users requires cybersecurity awareness and empowering users with practical tips and best practices.
For the past 20 years, the month of October has been dedicated to raising awareness about cybersecurity and online safety for both private and public sectors. In this blog post, learn all about this year’s security recommendations, how to apply them to your organization, and how to improve your cybersecurity this month and beyond.
Celebrating 20 Years of Cybersecurity Awareness Month
Cybersecurity Awareness Month was first launched in 2004 by the Department of Homeland Security and the National Cyber Security Alliance to join government branches and industries together in reducing online risk. October represents a time for open and ongoing discussion about the importance of cybersecurity, current risks and threats, and how to further innovation in the defense sector.
“Secure Our World” | What Actions Governments Are Taking
In recognition of the 20th annual observation of Cybersecurity Awareness Month, CISA has announced a new and ongoing cybersecurity awareness program called Secure Our World. The program promotes a handful of key security actions to help businesses and individuals improve cybersecurity in their organizations and lives. The “Secure Our World” theme is set to be integrated across CISA’s future awareness campaigns and aims to encourage users to take action in protecting their devices.
To kickoff Cybersecurity Awareness Month 2023, President Biden calls for taking action on the global stage in order to slow down cyber threats crossing borders. This fall, the administration prepares to convene for the third annual International Counter-Ransomware Initiative in Washington D.C., which gathers over 40 security partners from around the world to address the risks and damages caused by ransomware attacks.
The President further outlined the launch of a new virtual rapid response program at NATO to ensure that allied partners can effectively support each other during active cyber incidents. This is the latest action from the Biden-Harris administration in modernizing the federal governments’ strategy to respond to the modern threat landscape. Efforts from this past summer include the launch of a U.S. Cyber Trust Mark program, the first ever Cybersecurity for K-12 Schools Summit, a new National Cyber Workforce & Education Strategy, and the passing of several legislative acts with an emphasis on incorporating cybersecurity measures into our infrastructure.
Four Key Ways to Stay Safe Online
This October, NIST has partnered with various federal agencies to highlight recommendations for better cybersecurity awareness. SentinelOne endorses the following four key cyber behaviors that businesses and individuals alike can focus on. These best practices can go a long way in helping users secure their online experiences and increase long-term resilience against future threats.
1 – Secure Your Accounts With MFA
Multi-factor authentication (MFA) is a staple in safeguarding users’ online presence. Imagine it as fortifying a digital fortress with an extra layer of security, rather than just relying on passwords. Considering that compromised credentials are behind more than half of all data breaches this year, MFA can be a steadfast defense mechanism for organizations and individuals.
MFA is a verification process that verifies a user’s identity during log in. Users enter something they know, such as their password, followed by something they have, like an SMS code sent to a mobile device, a fingerprint, or a facial scan. This multi-tiered approach not only enhances device security but also keeps accounts private to only its owner.
For businesses implementing MFA within their organizations:
Begin by identifying the most critical systems, applications, and data within the enterprise. These are the assets that require the highest level of protection and should be the first to have MFA implemented.
Select MFA methods that align with the organization’s needs and user preferences. Common MFA methods include SMS codes, mobile app-based authentication, hardware tokens, biometrics (fingerprint, facial recognition), and smart cards. Consider a combination of methods for flexibility.
Integrate MFA seamlessly with existing authentication systems and applications. Many identity and access management (IAM) solutions offer MFA integration options. This ensures compatibility and ease of use for employees.
Educate employees about the importance of MFA and provide training on how to use it. Users should understand the benefits of MFA and know how to recover their accounts if necessary.
Cyber threats evolve, so should MFA policies too. Regularly review and update any organization-wide MFA settings and authentication methods to adapt to changing security needs.
2 – Level Up Your Password Security
Online presences play an increasingly significant role in daily life, moving password security and identity management into the spotlight. According to recent findings, the number of digital identity apps in use is predicted to surpass 4.1 billion globally by 2027; nearly double from 2.3 billion in 2023.
The complexity and length of a password determines the resilience of private accounts against unauthorized access but, too often, users resort to easily memorable but weak passwords. This is where password managers come in. These tools are specialized to simplify and strengthen the management of passwords. They work by generating and securely storing complex, unique passwords for each of your online accounts. Instead of struggling to remember numerous intricate combinations, users need only to remember a single, strong master password.
Password managers greatly reduce the risk of brute force or dictionary attacks. By eliminating the need for users to memorize multiple passwords, they reduce the temptation to reuse weak passwords across accounts. Many tools available on the market now come equipped with features like password strength assessment, MFA, and secure password sharing for enhanced security.
For businesses implementing password security policies within their organizations:
Implement regular password rotation policies, prompting users to change their passwords at set intervals. Avoid overly frequent rotations, which can lead to weaker passwords as users opt for easily memorable options.
Prevent users from reusing their previous passwords. Maintain a history of past passwords to ensure that users do not recycle old, potentially compromised ones.
Enforce account lockout policies that temporarily lock accounts after a certain number of failed login attempts. This helps deter brute force attacks.
Provide ongoing cybersecurity education and training to employees. Ensure they understand the importance of strong passwords, recognize social engineering, and follow security best practices.
Conduct regular security audits and assessments to identify weak or compromised passwords. Promptly address any vulnerabilities discovered.
Implement Privileged Access Management (PAM) solutions to tightly control and monitor access to critical systems and data. This includes robust password management for privileged accounts.
3 – Fight Emerging Threats With Software Updates
Having robust patch management policies helps organizations fight against vulnerabilities, which can be exploited by malicious actors. Software vendors regularly release patches and updates to address known vulnerabilities and security weaknesses in their products. Neglecting to apply these patches promptly can leave systems exposed to a wide array of cyber threats, from malware and ransomware attacks to data breaches. Cybercriminals are quick to capitalize on these weaknesses, making swift patch deployment a priority for IT teams.
Failing to prioritize patch management can be severe. Breaches can lead to significant financial losses, damage to an organization’s reputation, and legal and regulatory repercussions. The reality is that the time and resources needed after a successful breach are often far more extensive than the effort of implementing proactive patch management.
For businesses implementing patch management policies within their organizations:
Start with creating a comprehensive inventory of all hardware and software assets within your organization. This includes servers, workstations, network devices, and applications.
Conduct regular vulnerability assessments and scans to identify potential security weaknesses and vulnerabilities in systems and software. This step helps prioritize patching efforts.
Prioritize patches based on criticality and impact. Focus on patches that address vulnerabilities that are actively exploited or have a high risk of exploitation.
Test patches thoroughly in the controlled environment before deploying them to production systems. Involve IT teams and business units in testing to ensure all aspects are considered.
Implement a phased deployment strategy to minimize disruption. Start with non-production systems and gradually roll out patches to critical systems. Use automation tools for efficient deployment.
4 – Learn How to Spot & Report Phishing Bait
Phishing attacks have evolved with cybercriminals refining their tactics over the years. Before, phishing was relatively basic; a few generic emails filled with easy-to-spot spelling errors. Nowadays, phishing has become a top attack method involving sophisticated and convincing campaigns. Modern phishing attacks employ advanced social engineering techniques, exploit psychological triggers, and often impersonate trusted entities with astonishing accuracy. As a result, even the most vigilant users can be tricked.
In the corporate context, phishing attacks often serve as the gateway for larger-scale data breaches, ransomware attacks, and financial fraud. This makes employees the first line of defense. By promptly recognizing and reporting phishing attempts, they can help security teams take immediate action to neutralize threats and protect sensitive company data. Encouraging employees to verify email sources, spot malicious links and attachments, and follow a spam reporting process can help organizations develop their long-term cybersecurity posture.
Businesses can implement the following measures to develop their phishing awareness and reporting policies:
Conduct regular phishing awareness training sessions for employees. Educate them on how to recognize phishing attempts, verify email sources, and report suspicious emails promptly. Train employees to validate the legitimacy of websites and links in emails. Hover over links to view the URL before clicking on them.
Implement email authentication protocols like SPF, DKIM, and DMARC to help prevent email spoofing and domain impersonation.
Develop and enforce robust security policies and procedures related to email and communication security. Ensure employees are aware of and adhere to these policies.
Use endpoint security solutions that can detect and prevent malware downloads and malicious activity stemming from phishing emails.
Implement continuous monitoring of email traffic and user behavior to detect anomalies and suspicious activities.
SentinelOne As a Force for Good
SentinelOne is trusted by industry leaders and organizations to protect digital ecosystems through AI-driven detection and response capabilities, deep visibility, and data enrichment. As leaders in the cybersecurity space, SentinelOne continues to focus on circulating cyber threat intelligence and best practices in order to secure our digital futures.
Through their CyberSafe University, Global SentinelOne Ambassadors were able to engage more than 8000 students K-12 worldwide in 40+ schools and 6 countries in learning about cybersecurity fundamentals. The program was most recently expanded to include training materials in 10 languages, topics on smartphone and tablet safely for all ages, a parent resource, and a high school curriculum for youth interested in pursuing a career in cybersecurity.
For our partners, we offer SentinelOne University training programs that help raise the knowledge and skill set of cybersecurity professionals using SentinelOne technology to protect their people and data.
Cybersecurity has evolved into a critical aspect of our daily lives, underpinning not only personal data protection but also the resilience of businesses, governments, and entire economies. Right now, knowledge remains the best defense within the current threat landscape. By sharing awareness tips and best practices through global efforts like Cybersecurity Awareness Month, the defense community can empower both individuals and organizations to build up their resilience against real-world attacks and ongoing risks.
Fostering a community centered around cyber threat intelligence promotes collaboration and information-sharing among experts, security practitioners, and interested individuals. Pooling resources, intelligence, and expertise, helps the community enhance the collective cybersecurity posture.