It’s Cyber Security Awareness Month: Are we more aware of the risks?

This month is the 12th annual Cyber Security Awareness Month. Since 2004, the Department of Homeland Security has designated October as the month to pay extra attention to the issue of cybersecurity.

What has happened since the first Cyber Security Awareness Month? Are we, the general public, more aware of the dangers of having sensitive information stolen and are we taking the necessary precautions to minimize that risk?

One would think that with all the publicity surrounding the everyday occurrence of massive data breaches, most of us would be more diligent about protecting the information we have stored online.

On the one hand, companies and organizations have collectively spent infinite financial and personnel resources on deploying every kind of IT security technology: hardened operating systems, network firewalls, intrusion detection systems, application firewalls, content filtering, vulnerability and web application scanners, just to name a few.

But the fortresses that organizations have built around their networks haven’t deterred cybercriminals. Those defenses have only made them turn their focus to the easiest vulnerability to exploit in any organization: end users.

Face it: You can have the greatest security technology in the world protecting your facility, but it won’t do much good if Barney Fife is guarding the front gate.

Now imagine you have facilities scattered around the country or world, and you have thousands of Keystone Kops trying to keep the bad guys out. Good luck with that.

Anybody who has access to your organization’s network is a potential vulnerability. And since the first Cyber Security Awareness Month more than a decade ago, end users have made the hackers’ jobs much, much easier. Consider:

Facebook launched just seven months before the first Cyber Security Awareness Month. Since then, Twitter, LinkedIn, Instagram and countless other social networks have cropped up. Each of these sites invites people to share every detail of their lives: the names of their kids and pets, where they attended college, their favorite sports team. In other words, the kind of stuff people use for passwords or to answer the security questions when they forget their passwords. You don’t have to be Inspector Clouseau to connect the dots nowadays.

Once hackers have the password to one site, they often have a master key to multiple sites. One survey shows 61 percent of people reuse passwords on multiple sites, and 54 percent have only five or fewer passwords they use across the web.

While we’re on the subject of passwords, some people aren’t even trying to keep the bad guys out. When the adulterer-enabling website Ashley Madison was hacked earlier this year, it was discovered that the two most common passwords used by the site’s clients were ‘123456’ and ‘password.’ It’s almost like they wanted to get caught.

Passwords aren’t the only way end users enable criminals to access your company’s network. Last year, Intel Security and CBS News teamed up to test people’s ability to spot phishing emails. More than 19,000 people have taken this test and 80 percent have fallen for at least one fake phishing email.

Are people just lazy or foolish, or are some still ignorant of the danger even today? A survey by Enterprise Management Associates revealed that 56 percent of employees do not receive security or policy awareness training from their organizations. Could that help explain weak passwords and the inability to spot a phishing email?

So instead of designating one month of the year to cybersecurity awareness, perhaps it should be a daily occurrence.
