Cybersecurity Awareness Month Continues With More Commentary From Industry Experts

October marks National Cybersecurity Awareness Month (NCSAM), a significant initiative launched in 2004 by the U.S. Department of Homeland Security and the National Cyber Security Alliance. The goal is to have a month dedicated to reinforcing the importance of safeguarding our online presence. It began as an American effort, but the message resonated far and wide. Today, numerous countries around the globe have embraced the cause, underscoring that cyber threats don’t recognize borders. It’s a collective call to action, urging individuals and organizations to prioritize online safety, no matter where they’re located. It’s truly a global commitment to cyber resilience.

Following up on my last post, I have more commentary on this important initiative.

Raffaele Mautone, CEO of Judy Security (www.judysecurity.ai)

Cybersecurity Awareness Month is upon us, marking two decades of promoting digital safety through the joint efforts of the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance. This year’s theme, “Secure Our World,” underscores the critical importance of cybersecurity, especially for small businesses (SMBs), which are particularly susceptible to common cyber threats like phishing and ransomware. These malicious attacks can result in significant financial losses, damage to reputation, and even legal consequences.

To safeguard their enterprises and ensure long-term success, SMBs must prioritize cybersecurity, fostering a robust culture of security, raising awareness, and providing comprehensive training. However, it’s essential to recognize that it is unrealistic to expect SMBs to exhaust their budgets on expensive and hard-to-manage point security products. Instead, they need affordable and easy-to-operate all-in-one cybersecurity solutions that simplify the management of their IT infrastructure while remaining vigilant in monitoring and remediating threats.

John Benkert, CEO, Cigent Technologies

Quantum Computing – Organizations should be deeply concerned about the implications of quantum computing for several reasons. At the forefront is the potential for quantum computers to break many of the cryptographic systems that currently safeguard data, transactions, and communications. Classical encryption methods, like RSA and ECC, which are considered secure against conventional computers, are susceptible to algorithms like Shor’s algorithm when run on a sufficiently powerful quantum computer. Once these cryptographic methods are compromised, everything from online banking transactions to confidential communications could be at risk. Essentially, the digital security infrastructure that underpins much of today’s internet, finance, and communication sectors could become obsolete very quickly. To put it simply, if you or your organization uses tools like secure messaging, the information would be at risk.

AI – AI-driven threats harness advanced machine learning and artificial intelligence capabilities to strategize, execute, and adapt to security measures in real-time, often outpacing traditional security protocols. These attacks can autonomously analyze vast datasets, identify system vulnerabilities at an unprecedented pace, and craft tailored exploits. The adaptability of AI means that it can learn from countermeasures, making iterative attacks more potent. Static defenses could be circumvented by malware that evolves in response to detection attempts, turning the traditional cat-and-mouse game of cybersecurity into an arms race of machine learning models.

Ryan Maltzen, Cybersecurity Architect, Fortra

Cybersecurity awareness and education have come a long way, but the industry moves fast. The issue isn’t that awareness and education are lacking in content or direction; it’s the ongoing adoption by users who are fatigued by the constant push for “more training” or “more compliance”. Pushing users through hours of training videos (many of which turn into “speed runs” for the more knowledgeable user) makes them lose their impact and value. Newer, more engaging education methods need to be identified to cover this gap. These include gamifying learning and education, offering more engaging and interactive tabletop-style exercises, or even having red teams walk through how they coerce users to give up “the keys to the kingdom” so the average user can see malice in action and get a good sense of how far cybercriminals are willing to go just to make incremental progress towards exploitation. All of these would provide something new and interesting to users who may have lost interest in the standard educational methods. Engaging with users in fun and meaningful ways helps to raise the fruit higher on the tree, and it’s high time that fruit gained altitude!

Theo Zafirakos, CISO, Professional Services Lead, Fortra’s Terranova Security

Cybersecurity awareness is not a responsibility that should solely apply to end users. Instead, it must be thoroughly woven into the fabric of every stage of business process and system development. From the executive boardrooms where strategic decisions are made to the business unit leaders who define the overarching goals, down to the IT architects and solution engineers who design the technological infrastructure – all stakeholders must be actively engaged in prioritizing and implementing robust cybersecurity measures that are intuitive and easy to follow. By instilling a culture of security awareness at the highest levels, it becomes a collective commitment to protect sensitive data, systems, and customer trust. This approach ensures that security is not an afterthought but an integral part of the development process, resulting in a safer digital landscape for all.

Allen Drennan, Co-Founder & Principal, Cordoniq

In a perfect world, organizations and developers are constantly evaluating their solutions for vulnerabilities. While many of the vulnerabilities are directly related to software flaws in products, they are just as likely to arise from unpatched operating systems and supporting technologies. Many products are considered legacy but still in widespread use, so it’s not always possible to fix security flaws in these products, and phasing them out for newer and better support solutions can be an expensive and time-consuming process.
 
Organizations should consider implementing virtual private and secure networks around these systems and isolate them from customer-facing and Internet-facing access, in order to prevent unauthorized intrusion and man-in-the-middle style attacks.
