October is Cybersecurity Awareness Month, and I’m excited for what Microsoft and our industry partners have planned to help everyone stay #CyberSmart. 2022 may have offered some respite from the previous year’s rush to enable a remote and hybrid workforce, but the increased use of personal devices has also left security professionals with even more endpoints to manage and secure. As exemplified by breaches like the March 2022 attack on Shields Health Care Group,1 which affected two million people, and the April ransomware attack that became a national emergency for the Government of Costa Rica,2 we all need to be cyber defenders to protect what matters.
Technology can only do so much; it is people who remain our greatest strength. That’s why Microsoft is taking this opportunity during Cybersecurity Awareness Month to help security professionals educate their employees on the core principles highlighted by the National Cybersecurity Alliance, such as protecting their identity, updating their software and devices, and not falling prey to phishing schemes.3 Be sure to explore resources and skills opportunities on our Cybersecurity Awareness Month website, such as the #BeCyberSmart education kit with resources to help people protect their data at work and at home.
People have become the primary attack vector for cyber attackers around the world, so humans rather than technology now pose the greatest risk to organizations.
—SANS 2022 Security Awareness Report
Safety starts with awareness
In today’s borderless workplace, comprehensive security is essential. This kind of 360-degree protection requires education and awareness to protect identities, data, and devices. Awareness programs enable security teams to manage their human risk effectively by changing the way people think about cybersecurity and helping them adopt safe behaviors. The SANS 2022 Security Awareness Report analyzed data from more than a thousand security professionals around the world to identify how organizations are managing their human risk. The report found that more than 69% of security awareness professionals work part-time, meaning they spend less than half their time on security awareness.
According to the SANS report, cybersecurity awareness professionals should strive to:
- Engage leaders by focusing on terms that resonate with them and demonstrate your support for their strategic priorities. “Don’t talk about what you do, talk about why you do it.”
- Consider having a 10:1 ratio of technical security professionals to human-focused security professionals.
- Partner with other departments in the organization, such as communications, human resources, and business operations, to help engage and communicate with your staff.
- Make training simple to understand and follow. “Just like training, it’s the frequency that’s important.” And spend time collecting information about the impact of your outreach programs.
It’s up to each of us to #BeCyberSmart
In 2022, the most common causes of cyberattacks are still malware (22%) and phishing (20%).4 Even with the rise of ransomware as a service (RaaS) and other sophisticated tools, humans remain the most reliable and cost-effective attack vector for cybercriminals around the world. For this reason, it is essential that we all stay informed about how to prevent breaches and defend ourselves, both at work and at home.
Here are some basic steps we can all follow to #BeCyberSmart:
Phishing: Deceptive emails, fake websites, fake text messages: these types of phishing scams accounted for 30% of attacks in 2021.5 During Terranova’s annual Gone Phishing tournament last year, 19.8% of participants clicked on the link in the phishing email, while 14.4% downloaded the fake document.6 So how do you avoid taking the bait?
- Check the sender’s email address for verifiable contact information. Common phishing tip-offs include a misspelled or unrelated sender address. If in doubt, do not reply. Instead, create a new email to respond.
- Do not click on links or open attachments unless you have verified the sender.
- For more tips, visit the Federal Trade Commission’s phishing site.
Devices and software: Unpatched and outdated devices and software are a major entry point for cybercriminals. That’s why it’s so important to practice good cyber hygiene to avoid destructive malware that can steal users’ personal information. To help protect your devices:
- Activate the lock function on all your mobile devices.
- Enable multi-factor authentication on your sensitive apps and accounts.
- Run anti-virus software and install system updates immediately.
Scams: Criminals will often contact you to “fix” a non-existent problem. The email or text will contain a sense of urgency, such as “Act now to prevent your account from being locked out!” If you see this type of message, do not click on the link. And remember to always report any suspected scams so the organization can take action. A few tips to keep in mind:
- Beware of unsolicited technical support calls or error messages requesting urgent action.
- Do not follow any prompts to download software from a third-party website.
- If in doubt, open a separate browser page and go directly to the company’s web page.
Passwords: Passwords are our first line of defense against unauthorized access to accounts, devices, and files. However, the average person now has over 150 online accounts; password fatigue is always a danger. Here are some tips for protecting your passwords:
Fostering a More Diverse Cybersecurity Workforce
As of April 2022, there are more than 700,000 cybersecurity vacancies in the United States, with a forecast 3.5 million unfilled cybersecurity positions worldwide by 2025.7 That’s why Microsoft continues to reach out to students, veterans, people re-entering the workforce, and anyone who wants to become a cybersecurity advocate. This year, for Cybersecurity Awareness Month, we are also following up on Microsoft’s initiatives to increase access to cybersecurity training and close the workforce gap. In partnership with the Last Mile Education Fund, Microsoft aims to reach at least 25,000 students by 2025 with scholarships and additional resources related to cybersecurity pathways.
On October 7, 2022, we’re once again hosting the Microsoft Student Summit, a virtual skills event designed to inspire college students towards a career in technology. This one-day event offers students the opportunity to engage with the Microsoft student developer community, in the hope of inspiring and igniting a passion for innovation. We also continue to help students find real-world jobs by providing learning sessions aligned with Microsoft certifications for security, compliance, and identity. Eligible students can take up to eight free foundational certification exams this academic year.
Helping create the next generation of cybersecurity advocates is critically important, and we want to make sure the doors are open to everyone. That’s why we’re continuing our partnership with Girl Security, helping to empower adolescent girls, women, and gender minorities by demystifying cybersecurity and developing the in-demand skills needed for employment. Microsoft is also partnering with other organizations to leverage the message of this moment in October 2022 to bring more women into the industry, with a Community College Pathways to Cybersecurity Success webinar with Women in Cybersecurity (WiCyS) and a virtual event with the Executive Women’s Forum focused on cybersecurity careers at Microsoft.
We’re always working on new educational initiatives, so stay tuned to our security blog and check out updates on our cybersecurity awareness and education website.
Stay cyber-smart all year round
Cybersecurity Awareness Month is a special time for us as we collectively come together (industry, academia, and government) to promote the importance of a secure online environment. We know that cybercriminals are persistent and driven, working all day, every day, with no days off. That’s why we need to work together on awareness raising and education throughout the year and build a culture of cyber advocates. Please continue to visit our Cybersecurity Awareness and Education website to learn more about Microsoft’s cybersecurity education programs and obtain our new Cybersecurity Education Kit to use in your organization. Everyone has a role to play in cybersecurity, and when we learn together, we’re safer together.
Learn about our best practices and educational resources on our cybersecurity awareness website.
To learn more about Microsoft security solutions, visit our website. Bookmark the Security Blog to follow our expert coverage on security issues. Also, follow us on @MSFTSecurity for the latest cybersecurity news and updates.
1. Shields Health Care Group data breach affects 2 million patients, Bill Toulas. June 7, 2022.
2. Massive Cyberattack in Costa Rica Leaves Citizens Hurt, Carla Rosch. June 1, 2022.
3. National Cybersecurity Alliance.
4. Alarming cyberstats for mid-2022 you need to know, Chuck Brooks. June 3, 2022.
5. 2021 Verizon Data Breach Investigation Report, Verizon. 2021.
6. Gone Phishing Tournament, Terranova Security.
7. Cybersecurity Jobs Report: 3.5 Million Opens in 2025, Cybersecurity Ventures. November 9, 2021.