In 2004, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA) recognized the need to provide a way for Americans to learn more about cybersecurity. They designated October as National Cybersecurity Awareness Month (NCSAM). NCSAM is an effort to educate and inform people about the importance of cybersecurity and cybersecurity practices in their everyday lives.
It is also a time for businesses, organizations, and government agencies to re-emphasize best practices and remind employees of the importance of vigilance.
A look back at NCSAM
In 2004, cybercrime had been officially recognized as a type of crime for almost two decades. The Computer Fraud and Abuse Act of 1986 included the first federal law that specifically addressed hacking, defined at the time as accessing a computer without proper (or adequate) authorization. Commercial antivirus solutions appeared on the market in 1987.
That was just in time to be circumvented by one of the first widespread and widely recognized computer worms, the Morris worm, which propagated itself through ARPANET — an earlier version of the Internet — infecting thousands of computers in a single day.
Cybersecurity Awareness Month today
Each year, Cybersecurity Awareness Month adopts a theme to promote vigilance. 2021 saw “Do Your Part. #BeCyberSmart” taking center stage, while 2022 urges Americans to “See Yourself in Cyber.” Many of the fundamental messages have changed very little since NCASM debuted. They reflect issues that have always been and continue to be significant cybersecurity weak spots.
A key message in 2022? Use strong passwords. It is a sound recommendation, especially given that the average employee is reportedly juggling 75 passwords — one of the most common attack vectors. Which poses a major risk when 65% of large companies have more than 500 employees who have never changed their passwords.
Many of the recommendations reiterate the single greatest point of weakness in enterprise security —people. In addition to password hygiene, other people factors like “enable multifactor authentication,” “update your software,” and “recognize and report phishing” are noted as key points to share with employees this year. It is worth mentioning that only an estimated mployees at US firms could correctly define phishing.
Barriers to cybersecurity — budget and skills
You don’t have to look far to find data that underscores the alarming reality of cybercrime today. The IBM Cost of a Data Breach Report 2021 calculated the average cost of a data breach to an organization at about $4.24 million. Equally eye-catching are findings in the Cyberthreat Defense Report (CDR) that about 9 in 10 US organizations were attacked successfully in the past 12 months — but that US companies only reported a 4% increase in their cybersecurity budgets from the previous year.
The surge in cybercrime directed at enterprises is all the more concerning given the massive shortage of cybersecurity professionals available. The 2021 Cybersecurity Workforce Study found an estimated 377,000 cybersecurity jobs going unfilled in the US alone, and 2.7M globally. In a CIO survey on IT skills gaps, nearly half (49%) of respondents plan to hire for cybersecurity skills in the next year. Many respondents (54%) are considering outsourcing to specific skill sets if they are unable to hire the talent.
Cybersecurity Awareness Month at Rimini Street
We recognize the perilous state of enterprise cybersecurity. Our security team is responsible for helping protect more 2,900 clients across the globe. And we’re excited about doing our part to raise awareness during October with the following activities:
- 31 Days of Cybersecurity Tips: Follow us on social for daily cybersecurity tips for your business and personal protection. Follow on LinkedIn
- Meet our security pros: Brush up on your cybersecurity smarts with videos and blogs from our security pros who share advice, insights, and trends to help you stay safe all year long. Brush up
- Discover Rimini Protect™: Our innovative suite of security solutions provides “zero-day” proactive security protection for Oracle and SAP environments, including applications, middleware, and databases. Learn more
You might also like: