Washington, D.C. – As the world becomes more connected, all organizations face growing risks for cybersecurity attacks: the number of breaches exposing more than 10 million identities went up 125 percent from 2014 to 2015, and 429 million identities were exposed in breaches in 2015. The National Cyber Security Alliance (NCSA), the U.S. Department of Homeland Security (DHS) and industry partners, and the nonprofit sector and government are leveraging the second week of National Cyber Security Awareness Month (NCSAM) to emphasize the importance of creating a culture of cybersecurity across every business, from the break room to the boardroom.
“Organizations of any size – including healthcare providers, colleges and universities, government agencies and nonprofits – can fall victim to cybercrime, which could result in stolen personal information or intellectual property or serious disruptions to our daily way of life,” said NCSA Executive Director Michael Kaiser. “It’s important for employees at all levels to be keenly aware of the roles they play in keeping their own workplaces – and the general public – safer and more secure online.”
NCSA recommends a top-down approach to building a culture of cybersecurity in the workplace. Leadership must start from the top and begin by identifying the critical information to protect – or “crown jewels” – such as consumer data, employee data, copyrights and intellectual property, and then securing that information. “The groups that work to build up their resistance and resilience are best prepared to combat cyber threats,” said Kaiser.
NCSA recommends taking the following steps developed by the National Institute of Standards and Technology (NIST) and building a plan to keep your business cybersecure:
- Identify your digital “crown jewels”
- Protect your assets
- Be able to detect incidents
- Have a plan for responding
- Quickly recover normal operations
Learn more about creating a culture of cybersecurity at your workplace with NCSA’s new infographic. Download and share it on social media using the hashtag #CyberAware.
Employee awareness and training are also key elements of fostering cybersecurity in the workplace; the number of spear-phishing campaigns targeting employees increased 55 percent from 2014 to 2015. “Everyone at work plays an essential role in protecting the company and its sensitive data,” said Kaiser. “It’s crucial to educate your staff about how to use the internet safely at work and at home and to continually remind them of the importance of protecting organizational and personal information.”
To address the needs of small- and medium-sized businesses, NCSA recently created a workshop to help these businesses learn to be safer and more secure online in easily understandable language. In this workshop, using a simplified version of the NIST Cybersecurity Framework, content from federal partners and the most recent threat data, NCSA teaches smaller entities how to think about cybersecurity and offers real-life scenarios and steps to take to better secure their data. NCSA designed the workshop to be highly interactive and based on adult learning principles, allowing owners and operators to apply the lessons to their individual situations and share findings with their peers. Attendees learn how to 1) understand the assets they have that others might want to steal, 2) protect those assets without having to spend a lot of money or time, 3) detect when something has gone wrong and how to react quickly and appropriately to make the impact as minimal as possible, 4) understand the need to create a plan of action that can be implemented when a breach or hack occurs and 5) determine what resources are needed to quickly recover.
World’s Largest Social Network Brings Gaming into Security Education
Facebook takes a proactive approach to security, including how it creates and retains a security-conscious culture. During its annual month-long initiative, Hacktober, the company encourages its employees to demonstrate their security prowess and learn new skills through a company-wide Capture the Flag (CTF) competition. CTFs combine traditional “king of the hill” challenges with Jeopardy!-style questions, and are a popular teaching tool within the security community. Earlier this year, the company launched a free version of the platform so other organizations can use it to teach security skills to employees, students, and other stakeholders.
Employee training and awareness activities can help promote a culture of cybersecurity, but another key factor to address is the shortage of highly skilled cybersecurity professionals currently in the workforce. Despite the growing demand for cybersecurity talent in an increasingly connected world, there were more than 209,000 unfilled cybersecurity job postings in the United States in 2015 – 74 percent more unfilled positions than there were five years before.
A Raytheon-NCSA survey released today, “Securing Our Future: Closing the Cybersecurity Talent Gap,” explores the attitudes of millennials internationally and their awareness of and interest in the cybersecurity field. This is the fourth year that NCSA and Raytheon have partnered for the survey, and Raytheon’s support has been extremely valuable in growing the success of NCSAM each year. While the 2016 survey found some improvements in education and awareness of cybersecurity as a profession over last year, still only 54 percent of men and 36 percent of women reported being aware of what a cyber pro’s job entails. Additionally, only 27 percent of men and 19 percent of women said their high schools had prepared them to use technology safely and ethically in the workplace, and only 40 percent of men and 28 percent of women said they had received information about cyber careers from their high school teachers or counselors.
“While we were thankful to see growth in the awareness of cybersecurity as a viable profession for young people, it’s critical for key influencers – like parents, teachers and guidance counselors – to learn more about this growing and important career option,” said Kaiser. “It is essential that students graduate with the skills they need to not only operate the internet in the safest and most secure way possible, but also to embark on the many diverse careers that protect it.”
Parents can play a significant role in helping to close the cyber talent gap – and promoting a safer internet for the future – by educating their children about cybersecurity careers. Forty percent of respondents said that their parents were the most influential people in their lives when it came to choosing careers, but only 26 percent of men and 18 percent of women reported being confident in their parents’ knowledge of cyber careers. These results suggest a need for parents to receive more resources and information about cybersecurity careers in order to better guide their children in their career decisions. For tips on how you can help teach your children and kids in the community about cybersecurity careers, check out NCSA’s advice.
Week 2 NCSAM Resources
- DHS Resources:
  - C³ Voluntary Program SMB Toolkit: This toolkit includes resources specially designed to help small- and medium-sized businesses (SMBs) recognize and address their cybersecurity risks. Resources include talking points for CEOs, steps to start evaluating your cybersecurity program and a list of hands-on resources available to SMBs.
  - U.S. Computer Emergency Readiness Team (US-CERT): US-CERT provides the latest information on how to secure your business networks.
  - National Initiative for Cybersecurity Careers and Studies (NICCS) Portal: Creating a culture of cybersecurity in the workplace means equipping employees with cyber training. The NICCS Portal provides a robust listing of cybersecurity and cybersecurity-related training courses offered in the U.S. The training catalog contains more than 2,000 courses, with more courses added daily.
- NCSA Technology Checklist for Businesses: This checklist will help you identify the technology your business needs to protect, and shares basic security tips, considerations and resources that can assist in detecting, responding to and recovering from cyber incidents.
- Logical Operations Resources:
  - CyberSAFE Readiness Test: End-users play a critical role in protecting their organization’s data, but they are often the weakest link in the security chain due to lack of awareness of potential threats. The CyberSAFE Readiness Test is a complimentary tool that can be used to measure the extent to which employees can recognize and avoid common cyber threats like phishing, malware, and non-secure websites.
  - Complimentary NCSAM Kits: Help keep cybersecurity awareness front and center in your organization with a complimentary NCSAM kit. The kits, created by Logical Operations, include cybersecurity PSAs to hang up at your office, tent cards to place in breakrooms, web cam privacy covers and emails you can send to your employees.
- SANS Securing the Human Resources:
  - OUCH Security Awareness Newsletter: This newsletter – published every month and in multiple languages – explains in simple terms how you can protect yourself and your business, family and community in today’s digital world.
  - Security Awareness Videos: Every month, Securing the Human shares a new security awareness video on how you can securely make the most of today’s technology.
- CompTIA CyberSecure: CompTIA Cybersecure is a self-paced online course designed to educate everyone in the workplace – from the front desk receptionist to the chief executive – on the cybersecurity best practices that are vital to protecting any organization. To redeem a complimentary license, email [email protected] by Oct. 31.
- Council of Better Business Bureaus (BBB) Cybersecurity: The BBB, in partnership with NCSA, created resources providing small- and medium-sized businesses with the tools, tips and content they need to help manage cyber risks and learn about cybersecurity best practices in the business digital world.
- EDUCAUSE Review – What Do We Know about Student Security Hygiene?: Even the most savvy end users create security vulnerabilities. With millions of students working on college and university networks every day, understanding students’ information security hygiene practices is paramount to assessing security risk in higher education. Check out the EDUCAUSE Review blog here.
- Federal Trade Commission (FTC) Resources:
  - Start With Security: A Guide for Business: The FTC’s Start with Security initiative includes new guidance – including ten key steps – for businesses that draws on the lessons learned in the more than 50 data security cases brought by the FTC through the years.
  - Data Breach Response – A Guide for Business: You just learned that your business experienced a data breach. Whether hackers took personal information from your corporate server, an insider stole customer information, or information was inadvertently exposed on your company’s website, you are probably wondering what to do next. Check out this resource to learn what steps to take and who you should contact if personal information may have been exposed.
- HIMSS 2016 Healthcare Organization’s Guide to Keeping Information Safe and Secure: Now in its third year partnering with NCSA, HIMSS is proud to release its NCSAM infographic, The 2016 Healthcare Organization’s Guide to Keeping Information Safe and Secure, and its accompanying tip sheet, Practical Tips on Safeguarding Information for Healthcare Organizations.
- National Initiative for Cybersecurity Education (NICE) Resources: Current professionals can gain hands-on cybersecurity skills by participating in cybersecurity competitions and using cyber ranges. NICE’s resources on cyber ranges and cybersecurity competitions can be used individually and in workplace teams to strengthen your cybersecurity posture.
- NSA Day of Cyber: The NSA Day of Cyber is a free, interactive web platform that enables students to test-drive and experience a day in the life of six NSA cyber professionals. The program introduces students to challenging real-life cyber scenarios while engaging them to explore the growing number of careers in computer science and cybersecurity. You can register here.
- U.S. Small Business Administration (SBA) Managing a Business – Cybersecurity: Small businesses have valuable information cybercriminals seek, including employee and customer data, bank account information and access to the business’s finances and intellectual property. The SBA provides tips for small businesses and links to other useful resources.
Upcoming NCSAM Events
- The Mid-South Cyber Security Summit, Friday, Oct. 14, FedEx Institute of Technology, University of Memphis, Memphis, TN: The Cyber Security Summit is an annual event bringing together cybersecurity leaders in government, corporations and research to address the most pressing concerns and emerging trends facing our society today. The 2016 event, hosted by NCSA, the FedEx Institute of Technology Cluster for the Advancement of Cybersecurity and Testing and the Center for Information Assurance, will focus on new cyber threats and counterintelligence. The event will be livestreamed here. Learn more and register for the Summit here.
- NCSAM Week 3 Keystone Event, Wednesday, Oct. 19, 9 a.m. – 1 p.m. (PDT), Kenneth Hahn Hall of Administration, Los Angeles, CA: The City and County of Los Angeles are hosting a keystone event as part of NCSAM week 3; panel discussions will address recognizing and combating cybercrime as a community and cybersecurity for small businesses. Learn more and register for the event here.
- CyberFest2016 – The Future Is Now, Thursday, Oct. 27, 8 a.m. – 5 p.m. (PDT), Hilton La Jolla Torrey Pines, 10950 North Torrey Pines Road, La Jolla, CA: CyberFest2016 is a gathering of cyber, infrastructure, law enforcement, InfraGard, military and business professionals, who will explore how cyber is now so interwoven into the business fabric that should it “break,” business as we currently know it will no longer exist. Learn more and register here.
- Future of Authentication Policy Day, Thursday, Oct. 27, 1-4 p.m. (EDT), Google DC Offices, Washington, D.C.: The FIDO Alliance, the Electronic Transactions Association and NCSA will jointly host an event in support of NCSAM to highlight the importance of strong authentication, explore the evolution of the authentication market and discuss its impact on the policy and regulatory landscape. Learn more and register to attend here.
Throughout the month, you can follow the NCSAM conversation on social media using the hashtag #CyberAware (and tagging your own posts with #CyberAware, too!). Additionally, @STOPTHNKCONNECT is hosting weekly Twitter chats throughout October to discuss different topics and trends in cybersecurity. Tune in each Thursday through Nov. 3 at 3 p.m. EDT to join the conversation, and visit the STOP. THINK. CONNECT.™ website for the full chat schedule. NCSA has created sample social media posts, infographics, posters, memes and more that encourage organizations and individuals to show their support for NCSAM and that can be downloaded and shared. You can also get the latest resources as they are available by registering as a NCSAM Champion. Finally, check out the Stay Safe Online blog for NCSAM posts from NCSA and partners during the month of October.
About National Cyber Security Awareness Month
National Cyber Security Awareness Month (NCSAM) was created as a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online. Now in its 13th year, NCSAM is co-founded and co-led by the U.S. Department of Homeland Security and the National Cyber Security Alliance, the nation’s leading nonprofit public-private partnership promoting the safe and secure use of the Internet and digital privacy. Recognized annually in October, NCSAM involves the participation of a multitude of industry leaders ‒ mobilizing individuals, small and medium-sized businesses, nonprofits, academia, multinational corporations and governments. Encouraging digital citizens around the globe to STOP. THINK. CONNECT.™, NCSAM is harnessing the collective impact of its programs and resources to increase awareness about today’s ever-evolving cybersecurity landscape. Visit the NCSA media room to learn more.
About the National Cyber Security Alliance
The National Cyber Security Alliance (NCSA) is the nation’s leading nonprofit, public-private partnership promoting cybersecurity and privacy education and awareness. NCSA works with the U.S. Department of Homeland Security (DHS) and NCSA’s Board of Directors, which includes representatives from ADP; AT&T Services, Inc.; Bank of America; Barclays; BlackBerry Corporation; Cisco; Comcast Corporation; ESET North America; Facebook; Google; Intel Corporation; Logical Operations; Microsoft Corp.; NXP Semiconductors; PayPal; PKWARE; Raytheon; RSA, the Security Division of EMC; Salesforce; SANS Institute; Symantec and Visa Inc. NCSA’s core efforts include National Cyber Security Awareness Month (October), Data Privacy Day (January 28) and STOP. THINK. CONNECT.™, the global online safety awareness and education campaign cofounded by NCSA and the Anti-Phishing Working Group, with federal government leadership from DHS. For more information on NCSA, please visit staysafeonline.org/about-us/overview/.
About STOP. THINK. CONNECT.™
STOP. THINK. CONNECT.™ is the global cybersecurity education and awareness campaign. The campaign was created by an unprecedented coalition of private companies, nonprofits and government organizations with leadership provided by the National Cyber Security Alliance (NCSA) and the Anti-Phishing Working Group (APWG). The U.S. Department of Homeland Security leads the federal engagement in the campaign. Learn how to get involved at stopthinkconnect.org.
 Symantec Internet Security Threat Report 2016
 Peninsula Press (2015). Demand to fill cybersecurity jobs booming.