Do your part during National Cybersecurity Awareness Month

  • Published
  • By 1st Lt. Brice Tucker, 6th Communications Squadron officer in charge plans and projects

This October marks the third year of the “Do Your Part. #BeCyberSmart” overall theme for the National Cybersecurity Awareness Month.

The theme’s main objective is to charge individual users and organizations to do their part in defending their cyber assets. With everyone’s involvement, we can better secure our accounts, networks, and systems from malicious threats.

Each week of the month presents a different topic starting with October 4, “Be Cyber Smart.”

With almost every part of our lives connected to technology, our data has become invaluable. In recent years, data has become widely known as the world’s most valuable resource surpassing oil, which is the prime reason why cybercriminals work tirelessly to get their hands on it.

According to IBM, the average cost of a data breach in the U.S. is approximately $4.24 million, with 20% of the violations caused by compromised credentials.

To keep our information safe, we must use the best security practices in every aspect of cyber, including strong passwords, multi-factor authentication, data backups and software updates.

When it comes to our account passwords, it is most of the time not the strength of the passwords that lead to account compromise, but the frequency that a particular password is used.

In a study, Google found that more than 65% of people use the same password across multiple accounts, if not all, sites requiring one.

The more stunning statistic is that LogMeIn, a technology company based in Boston, learned that more than 91% of individuals know this practice is extremely risky from a security standpoint. The company also found that the average person uses the same password as many as 14 times.

Verizon’s 2021 Data Breach Investigation Report also noted that 81% of data breaches are because of compromised passwords. The intent of these staggering statistics is to compel you to take your password creation and management more seriously.

The previous week’s topic segues perfectly into week two’s theme, “Fight the Phish,” alluding to the most prominent attack vector during the COVID-19 pandemic.

Just as passwords used to keep others from accessing our information, cybercriminals have found clever ways to manipulate individuals, tricking them into unknowingly compromising their personal information to them.

With most of the world working virtually from home, cybercriminals have additional opportunities to target individuals, ultimately raising the number of phishing incidents by more than 220%.

The FBI’s Internet Crime Complaint Center reported more than $54 million was lost to phishing attacks during 2020.

During a recent readiness exercise here at MacDill AFB, a local cybersecurity “Red Team” created multiple exercise “phishing” attempts to test users’ ability to recognize these threats at work and on their personal computers.

It only takes one user to click a link and allow malware to propagate onto the network.

As a rule of thumb, we recommend following the 6th Air Refueling Wing Vice Commander Col. Cory Damon’s “READ” acronym.

Is the email relevant to you? Is the email something you are expecting? Is the email addressed properly? Additionally, is the email digitally signed? As always, if it sounds too good to be true, then it is most likely a phishing attempt.

With the world in such dire need of cybersecurity experts, week three focuses on cybersecurity careers.

The theme for this week is “Explore. Experience. Share,” prompting individuals to consider a career in cybersecurity.

As of May of this year, an estimated 500,000 unfilled cybersecurity roles in the United States were reported by the Department of Commerce. The median pay for these roles comes in around the $100,000 mark, about $45,000 more than the national average.

With more jobs than qualified candidates to fill them, a career in cybersecurity sounds more promising than ever.

Lastly, week four’s concern is “Cybersecurity First,” emphasizing a focus for all of us to make cybersecurity not only a business priority but also a personal priority.

With our reliance on technology, we should be incorporating security into our routine business practices and everyday lives. DoD mandated training should not be the extent of our cybersecurity training but instead serve as the baseline.

As we put a special focus on cybersecurity in October, we all know that we must remain laser focused on this threat – at home and at work. As our world becomes even more connected, malicious actors are working around the clock finding new ways to take advantage of this evolving domain.

So remember, “Do YOUR Part. #BeCyberSmart!”

For more information, visit https://www.safcn.af.mil/Organizations/CISO-Homepage/Cybersecurity-Awareness-Month-CSAM/CSAM-2021/