Does Cybersecurity Awareness Month matter?

    
This year, as Contrast Security Chief Information Security Officer David Lindner announced last week, Contrast was once again proud to be a Champion for Cybersecurity Awareness Month — a program designed to help promote global awareness of online safety and privacy — throughout October.

Co-led by the National Cyber Security Alliance and the Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security, this annual campaign is a global effort between businesses, government agencies, colleges and universities, associations, nonprofit organizations, and individuals. It’s designed to raise awareness and to help everyone stay safe online.

The campaign might not matter to your average mortal, Lindner admits, but it’s had a huge impact when it comes to organizations’ inclinations to try to keep users and customers safe in our ever-evolving threat landscape. 

In the spirit of the month-long security push, Dave was kind enough to answer a few questions about what he thinks the impacts of this initiative are. He also offered some thoughts on the cybersecurity trends and/or attacks that surprised him the most this year — for example, the sobering, ever more evident reality that multifactor authentication (MFA) is fallible. Read on for that and other Cybersecurity Awareness Month-inspired insights:

Contrast: What were the best and worst aspects of security over the last year?

Lindner:  It has been encouraging to see the market continue to shift. Organizations are becoming more proactive by going back to the basics and adopting security measures and solutions to better defend themselves this year. Unfortunately, we have continued to see the devastating impact major vulnerabilities — such as Spring4Shell — and cybersecurity attacks have had on organizations, which is why we must continue the fight and stay diligent.

MFA: Flawed but still mighty

Contrast: What cybersecurity trend and/or attack were you most surprised by this year? 

Lindner: MFA bypasses becoming real. One of this year’s themes of Cybersecurity Awareness Month is to enable MFA. MFA is a strong mechanism to prevent account compromise, which tends to lead to many breaches. However, in 2022, we saw more and more attacks directed at MFA-protected accounts, and with success. Attackers are taking advantage of some downfalls of a few mechanisms of MFA. So, this means that not all MFA is created equal, but in general it is still a very strong mechanism to prevent account compromise. Depending on your threat model or your personal life or corporate life, you may want to think about the types of MFA you use.

Contrast: What’s your biggest security concern going into 2023? 

Lindner:  Supply-chain security. As architectures become more disparate and we create more software, the potential threat vectors increase dramatically. We have not seen the last of the SolarWinds- or Kaseya-type attacks.

Contrast:  What do you think is still the most underrated or forgotten security tip in 2022?

Lindner:  Security is about control layers. Not one single tool or process will prevent a breach or compromise, but if you have appropriate control layers in place, you should be able to limit the damage. Pro tip: Do routine tabletop exercises that work through details of what you would do when/if. Get your incident response and BCP [business continuity plan] teams involved. It’s amazing the things you learn about the environment and people when doing an exercise that could someday be a real thing.

The security buck stops with organizations

Contrast: How effective (or ineffective) is the Cybersecurity Awareness Month initiative?

Lindner:  Cyber Security Awareness month has been an annual occurrence since 2004. The overall theme for the awareness is focused on individuals and keeping them safe from security and privacy threats. 

I think the purpose is great, but I do think the average human does not pay attention to the great content developed by the Cyber Security Alliance and CISA — but, instead, what the initiative has done is create a huge movement in organizations in keeping their users and customers safe in the ever-changing threat landscape. I do think … companies have a duty to protect their employees and [keep] their users safe from online threats. Not everyone can — nor do they — care as deeply about the threats that may impact their daily lives when the average human worries more about their financial stability [and about] keeping roofs over their heads and food on the table. 

I think in the next five years, there will be many more regulations requiring organizations to protect data and enable the controls that are required to protect employees and users from the online threats they may not think about today.

With regards to the effectiveness of the original intent of the month, I don’t think it hits the average person at all directly, but it does hit home to organizations, and I think that is where the onus and responsibility lie.

We’re excited to be a National Cybersecurity Alliance member and Champion of Cyber Security Awareness month again this year. We believe the National Cybersecurity Alliance shares our mission of increasing industry-wide transparency and information sharing. We’re steadfast in our commitment to raise cybersecurity awareness across the world, develop innovative solutions and help our customers be more prepared for future attacks.

Lisa Vaas, Senior Content Marketing Manager, Contrast Security

Lisa Vaas is a content machine, having spent years churning out reporting and analysis on information security and other flavors of technology. She’s now keeping the content engines revved to help keep secure code flowing at Contrast Security.