Businesses of All Sizes Urged to Create Culture of Cybersecurity and Protect Assets This National Cyber Security Awareness MonthGrowing the next generation of a skilled cybersecurity workforce is a starting point to building stronger defenses
Washington, D.C., Oct. 12, 2016 – As the world becomes more connected, all organizations face growing risks for cybersecurity attacks: the number of breaches exposing more than 10 million identities went up 125 percent from 2014 to 2015, and 429 million identities were exposed in breaches in 2015. The National Cyber Security Alliance (NCSA), the U.S. Department of Homeland Security (DHS) and industry partners, and the nonprofit sector and government are leveraging the second week of National Cyber Security Awareness Month (NCSAM) to emphasize the importance of creating a culture of cybersecurity across every business, from the break room to the boardroom.
“Organizations of any size – including healthcare providers, colleges and universities, government agencies and nonprofits – can fall victim to cybercrime, which could result in stolen personal information or intellectual property or serious disruptions to our daily way of life,” said NCSA Executive Director Michael Kaiser. “It’s important for employees at all levels to be keenly aware of the roles they play in keeping their own workplaces – and the general public – safer and more secure online.”
NCSA recommends a top-down approach to building a culture of cybersecurity in the workplace. Leadership must start from the top and begin by identifying the critical information to protect – or “crown jewels” – such as consumer data, employee data, copyrights and intellectual property and securing that information. “The groups that work to build up their resistance and resilience are best prepared to combat cyber threats,” said Kaiser.
NCSA recommends taking the following steps developed by the National Institute of Standards (NIST) and building a plan to keep your business cybersecure:
Learn more about creating a culture of cybersecurity at your workplace with NCSA’s new infographic. Download and share it on social media using the hashtag #CyberAware.
Employee awareness and training are also key elements of fostering cybersecurity in the workplace; the number of spear-phishing campaigns targeting employees increased 55 percent from 2014 to 2015. “Everyone at work plays an essential role in protecting the company and its sensitive data,” said Kaiser. “It’s crucial to educate your staff about how to use the internet safely at work and at home and to continually remind them of the importance of protecting organizational and personal information.”
To address the needs of small- and medium-sized businesses, NCSA recently created a workshop to help these businesses learn to be safer and more secure online in easily understandable language. In this workshop, using a simplified version of the NIST Cybersecurity Framework, content from federal partners and the most recent threat data, NCSA teaches smaller entities how to think about cybersecurity and offers real-life scenarios and steps to take to better secure their data. NCSA designed the workshop to be highly interactive and based on adult learning principles, allowing owners and operators to apply the lessons to their individual situations and share findings with their peers. Attendees learn how to 1) understand the assets they have that others might want to steal, 2) protect those assets without having to spend a lot of money or time, 3) detect when something has gone wrong and how to react quickly and appropriately to make the impact as minimal as possible, 4) understand the need to create a plan of action that can be implemented when a breach or hack occurs and 5) determine what resources are needed to quickly recover.
World's Largest Social Network Brings Gaming into Security Education
Facebook takes a proactive approach to security, including how it creates and retains a security-conscious culture. During its annual month-long initiative, Hacktober, the company encourages its employees to demonstrate their security prowess and learn new skills through a company-wide Capture the Flag (CTF) competition. CTFs combine traditional "king of the hill" challenges with Jeopardy!-style questions, and are a popular teaching tool within the security community. Earlier this year, the company launched a free version of the platform so other organizations can use it to teach security skills to employees, students, and other stakeholders.
Employee training and awareness activities can help promote a culture of cybersecurity, but another key factor to address is the shortage of highly skilled cybersecurity professionals currently in the workforce. Despite the growing demand for cybersecurity talent in an increasingly connected world, there were more than 209,000 unfilled cybersecurity job postings in the United States in 2015 – 74 percent more unfilled positions than there were five years before.
A Raytheon-NCSA survey released today, “Securing Our Future: Closing the Cybersecurity Talent Gap, explores the attitudes of millennials internationally and their awareness of and interest in the cybersecurity field. This is the fourth year that NCSA and Raytheon have partnered for the survey, and Raytheon’s support has been extremely valuable in growing the success of NCSAM each year. While the 2016 survey found some improvements in education and awareness of cybersecurity as a profession over last year, still only 54 percent of men and 36 percent of women reported being aware of what a cyber pro’s job entails. Additionally, only 27 percent of men and 19 percent of women said their high schools had prepared them to use technology safely and ethically in the workplace, and only 40 percent of men and 28 percent of women said they had received information about cyber careers from their high school teachers or counselors.
“While we were thankful to see growth in the awareness of cybersecurity as a viable profession for young people, it’s critical for key influencers – like parents, teachers and guidance counselors – to learn more about this growing and important career option,” said Kaiser. “It is essential that students graduate with the skills they need to not only operate the internet in the safest and most secure way possible, but also to embark on the many diverse careers that protect it.”
Parents can play a significant role in helping to close the cyber talent gap – and promoting a safer internet for the future – by educating their children about cybersecurity careers. Forty percent of respondents said that their parents were the most influential people in their lives when it came to choosing careers, but only 26 percent of men and 18 percent of women reported being confident in their parents’ knowledge of cyber careers. These results suggest a need for parents to receive more resources and information about cybersecurity careers in order to better guide their children in their career decisions. For tips on how you can help teach your children and kids in the community about cybersecurity careers, check out NCSA’s advice.
Week 2 NCSAM Resources
Upcoming NCSAM Events
Throughout the month, you can follow the NCSAM conversation on social media using the hashtag #CyberAware (and tagging your own posts with #CyberAware, too!). Additionally, @STOPTHNKCONNECT is hosting weekly Twitter chats throughout October to discuss different topics and trends in cybersecurity. Tune in each Thursday through Nov. 3 at 3 p.m. EDT to join the conversation, and visit the STOP. THINK. CONNECT.™ website for the full chat schedule. NCSA has created sample social media posts, infographics, posters, memes and more that encourage organizations and individuals to show their support for NCSAM and that can be downloaded and shared. You can also get the latest resources as they are available by registering as a NCSAM Champion. Finally, check out the Stay Safe Online blog for NCSAM posts from NCSA and partners during the month of October.
About National Cyber Security Awareness Month
National Cyber Security Awareness Month (NCSAM) was created as a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online. Now in its 13th year, NCSAM is co-founded and co-led by the U. S. Department of Homeland Security and the National Cyber Security Alliance, the nation’s leading nonprofit public-private partnership promoting the safe and secure use of the Internet and digital privacy. Recognized annually in October, NCSAM involves the participation of a multitude of industry leaders ‒ mobilizing individuals, small and medium-sized businesses, nonprofits, academia, multinational corporations and governments. Encouraging digital citizens around the globe to STOP.THINK. CONNECT.™, NCSAM is harnessing the collective impact of its programs and resources to increase awareness about today’s ever-evolving cybersecurity landscape. Visit the NCSA media room to learn more.
About the National Cyber Security Alliance
The National Cyber Security Alliance (NCSA) is the nation's leading nonprofit, public-private partnership promoting cybersecurity and privacy education and awareness. NCSA works with the U.S. Department of Homeland Security (DHS) and NCSA's Board of Directors, which includes representatives from ADP; AT&T Services, Inc.; Bank of America; Barclays; BlackBerry Corporation; Cisco; Comcast Corporation; ESET North America; Facebook; Google; Intel Corporation; Logical Operations; Microsoft Corp.; NXP Semiconductors; PayPal; PKWARE; Raytheon; RSA, the Security Division of EMC; Salesforce; SANS Institute; Symantec and Visa Inc. NCSA’s core efforts include National Cyber Security Awareness Month (October), Data Privacy Day (January 28) and STOP. THINK. CONNECT.™, the global online safety awareness and education campaign cofounded by NCSA and the Anti Phishing Working Group, with federal government leadership from DHS. For more information on NCSA, please visit staysafeonline.org/about-us/overview/.
About STOP. THINK. CONNECT.™
STOP. THINK. CONNECT.™ is the global cybersecurity education and awareness campaign. The campaign was created by an unprecedented coalition of private companies, nonprofits and government organizations with leadership provided by the National Cyber Security Alliance (NCSA) and the Anti-Phishing Working Group (APWG). The U.S. Department of Homeland Security leads the federal engagement in the campaign. Learn how to get involved at stopthinkconnect.org.
 Symantec Internet Security Threat Report 2016
 Peninsula Press (2015). Demand to fill cybersecurity jobs booming.