Do we really need to be discussing yet another acronym? Maybe not, but NCSAM is an important one.
Co-sponsored by the National Cyber Security Division (NCSD) within the Department of Homeland Security and the nonprofit National Cyber Security Alliance (NCSA), National Cyber Security Awareness Month has been an annual observance in the U.S. since its inception in 2004.
Fast forward to 2016 and we find ourselves in a digitally connected world where cyber threats seem to be lurking around every corner. No one wants to be an easy target, and as an IT security professional, you are faced with the daily challenges of keeping your organization’s digital assets safe.
All organizations are thinking about how they can build and reinforce a workplace culture of security and privacy. The federal government has been hacked, major industry players have been hacked, and chances are one or more businesses that you work with have been hacked as well. The question is, do you know it, and if you do, what can you do about it? This might just be the scariest cyber security issue we face as a nation.
National Cyber Security Awareness Month is designed to engage and educate public and private sector partners to raise awareness about cyber security, provide tools and resources needed to stay safe online, and increase the resiliency of the nation in the event of a cyber incident.
During the month of October, NCSAM reaches out to all Americans, to public and private sector partners, and to the international community to spotlight security issues and offer tips and best practices concerning how to stay safe online. The overall NCSAM theme is Our Shared Responsibility to reflect the notion that cyber space cannot be secured without all users getting involved.
NCSAM 2016 Weekly Themes
Five weekly themes offer the opportunity for government, industry, and individual citizens to get involved in the cyber security activities most relevant to them:
- (Week 1) October 3-7, 2016: Every Day Steps Towards Online Safety with the Stop.Think.Connect.™ Campaign
- (Week 2) October 10-14, 2016: Cyber from the Break Room to the Board Room
- (Week 3) October 17-21, 2016: Recognizing and Combating Cyber Crime
- (Week 4) October 24-28, 2016: Our Continuously Connected Lives: What’s Your ‘App’-titude?
- (Week 5) October 31, 2016: Building Resilience in Critical Infrastructure
More than ever, cyber security is a moving target, and staying ahead of the curve has gotten to be an ever-increasing challenge. The NCSAM theme of Our Shared Responsibility says that we need to fight back together if we’re ever going to turn the tide on data breaches, phishing attacks, and other malicious online threats that cost organizations and individuals each year.
The Department of Homeland Security is asking everyone to get involved, get educated, and stay safe.
You can start by using the NCSAM hashtag #CyberAware in your social media messages during the month. You can also visit the NCSAM and the StopThinkConnect websites to learn more about how to take part in this important initiative.
Because this is such a timely topic, WhiteHat Security's Threat Research Center recently did a customer survey about cyber security awareness, soliciting valuable first-hand advice from customers in the trenches. This advice included:
- Be proactive and build with security in mind every step of the way. It may take a bit more time or cost a bit more money, but it's a solid investment to prevent media embarrassment and loss of trust from your users and the public at large, all of which will negatively impact your business.
- Don't reuse passwords. If a username/password pair is leaked in a data breach, attackers will try these credential pairs on many different web services. If you use the same password for multiple services, this is one of the easiest ways for your account to become compromised.
- Know where your weaknesses are and limit your exposure.
- Don't wait to remediate your vulnerabilities. It’s better to be safe than sorry. Patch all vulnerabilities no matter how small the possible damage might be.
- Think like a hacker and hack yourself first.
- Trust no one.
- Invest in security specialists like WhiteHat so that you can meet enterprise-level compliance standards. This will cover many aspects of vulnerability security, including but not limited to the OWASP Top 10.
- Combine Dynamic and Static application security testing with manual testing to ensure complete coverage for applications that are likely to be targeted by attackers.
- Educate your workforce so that security is built into the end-to-end life cycle of your products and operations.