Agencies Kick Off Cybersecurity Awareness Month

By Megan Gates

2 October 2020

The power of the Internet has never been more on display than it has been in 2020 as people around the world turn to computers and connected devices to conduct essential business while remaining apart to slow the spread of COVID-19.

But with this increased connectivity has come a change in cybercrime with criminals leveraging the pandemic to target victims, says Tonia Dudley, National Cybersecurity Alliance (NCSA) board member and director, security solution advisor, at Cofense, a phishing defense solution provider.

“When we first started tracking this in early March, we started to see some targeted things,” she explains. “As the pandemic expanded, as more countries and organizations went on lockdown, it was evident that current phishing kits were being amended around COVID. They adapted their kits to include those themes.”

Nothing was off limits to these threat actors, including phishing emails disguised as termination type notifications. To share the types of phishing messages it was seeing threat actors use and to help educate the public, Cofense created a Coronavirus Infocenter.

“We recommended that you don’t want to simulate around this—because of the sensitivity around this,” Dudley says. Instead, Cofense analysts “posted copies of real emails that we were finding and provided a threat feed for organizations to do proactive hunting in their organizations.”

Educating the public about cybercrime and how to protect themselves against it are core components of Cybersecurity Awareness Month, which began 1 October during what may be a permanent shift in how individuals engage with the Internet.

Stay connected during #CybersecurityAwarenessMonth 2020! Follow @StaySafeOnline and @CISA to get the latest #BeCyberSmart updates throughout October! https://t.co/N38s1ti5MA pic.twitter.com/O6dg9lNkmN
— NatlCyberSecAlliance (@StaySafeOnline) October 1, 2020

“This year, we’ve seen a major, and likely permanent, shift in the way we work, learn, and socialize, as more and more of our activities have gone virtual,” said U.S. Cybersecurity and Infrastructure Security Agency (CISA) Director Christopher Krebs in a press release. “Gone are the days when individuals could think about cybersecurity casually. Our homes, schools, and businesses are now more connected than ever, introducing a whole new set of potential vulnerabilities. Everyone needs to be aware of these risks and take an active role in addressing them.”

The theme for this year’s Cybersecurity Awareness Month reflects those sentiments: “Do Your Part. #BeCyberSmart.” It encourages individuals and organizations to own their role in protecting their part of cyberspace, stressing personal accountability and the importance of taking proactive steps to enhance cybersecurity.

“If everyone does their part—implementing stronger security practices, raising community awareness, educating vulnerable audiences or training employees—our interconnected world will be safer and more resilient for everyone,” according to the NCSA.

NCSA and CISA were already working on the theme, with a major focus on the Internet of Things and protecting home networks, before the COVID-19 pandemic began, Dudley says. “It just happened that the theme lined up to moving to this working remote environment.”

As part of Cybersecurity Awareness Month, the NCSA is offering individuals and security practitioners resources to help them protect their networks, their devices, and adopt better security practices—such as using a password manager, multifactor authentication, and more.

Dudley also adds that the NCSA website provides information on how individuals can become a Cybersecurity Awareness Month Champion to promote a safer, more secure and trusted Internet. Champions receive access to a toolkit of materials to implement cyber awareness initiatives and activities during the month of October. Champions include representatives from cybersecurity companies, government entities, and small businesses.

Each week of the month will also have a theme to help individuals focus their efforts:

Week of October 5: If You Connect It, Protect It
Highlights the ways Internet-connected devices impact our lives and empowers individuals to own their role in security by taking steps to reduce their risks.

Week of October 12: Securing Devices at Home and Work
Focuses on steps users and organizations can take to protect Internet-connected devices for personal and professional use.

Week of October 19: Securing Internet-Connected Devices in Healthcare
Focuses on hospitals, care facilities, and telemedicine patients, discussing the implications of Internet-connected devices.

Week of October 26: The Future of Connected Devices
Looks at how technology innovations impact consumers’ and businesses’ online experiences.

ASIS International is also offering webinars, recommendations, and best practice guidance on information security and privacy to help individuals, their organizations, and communities stay safe online. To learn more, visit the Cybersecurity Awareness Month 2020 resource page.