To help build enthusiasm for Cybersecurity Awareness Month in October, the National Cybersecurity Alliance (NCA) brought together a powerhouse of panelists on September 27 to talk about the changing landscape in cybersecurity over the past 3-5 years and how private citizens and public and private enterprises can use the month to better prepare themselves to combat threat actors looking to exploit them.
The NCA has partnered with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to help promote the month, which this year has the theme of "See Yourself in Cyber." Cybersecurity Awareness Month was first declared by President George W. Bush and Congress in 2004 to help individuals protect themselves online as threats to technology and data privacy became more commonplace.
This year's theme exemplifies that cybersecurity can be, and is, a complex subject, but it really comes down to people. People need resources, training, and education so the decisions they make at home, school, or work keep them and the public and private organizations protected.
For Amazon, cybersecurity is a top priority, said Jenny Brinkley, Director, Amazon Security, who was one of the webinar panelists.
"Security starts really at the beginning," Brinkley said. "Whether it's service teams building out products or frontline service team members dealing with missing packages or delivery updates, it's a balancing act so security is not a friction to innovation."
Brinkley was joined on the panel by Kate Charlet, Director for Data Governance, Google; Darren Shou, CTO, NortonLifeLock; Josh Jaffe, VP, Cyber Security, Dell Technologies; and Perry Carpenter, Chief Evangelist and Strategy Officer, KnowBe4. The session was moderated by Lisa Plaggemier, Executive Director at the National Cybersecurity Alliance.
The group all agreed that it's about building a culture of resiliency so that people know how to prevent and respond to cyberattacks—at work and at home. Creating awareness is not about making people afraid; it's about empowering people to take action, providing them with the right controls, good hygiene, and the needed tools.
With the world's events the past couple of years, Shou said that 65% of consumers have spent more time online. They are working from home, managing through the pandemic and looking for vaccination info. "Criminals leverage all of it, exposing people to scams," he said.
For Charlet, the 2009 Operation Aurora cyberattack on Google was a watershed moment for the company. "These moments highlight the new actions that need to be taken," she said, including updating legacy software, for instance.
A lot of changes were made after Operation Aurora, and Charlet said Google will have an exciting announcement next month to coordinate with Cybersecurity Awareness Month.
The panelist also agreed that increased cybersecurity awareness and action at home leads to better security awareness at work—and vice versa. Education is key, and that means not making examples of folks that are breached (and who may be embarrassed to admit it), but using those as opportunities to educate and help others.
"It starts with building products that are secure by default; they need to be built-in and not just bolted on," Google's Charlet said. "It's about prioritizing secure software-building practices. Every day cybersecurity should be as easy to grasp and implement as physical security is. You don't share your PIN number with a stranger or leave your car unlocked."
Another theme touched on in the webinar was to make awareness education easy, like you're talking to a teenager:
CISA and NCA are focusing on four key areas this October:
For more on Cybersecurity Awareness Month, visit these resources:
https://www.cisa.gov/cybersecurity-awareness-month
https://staysafeonline.org/programs/cybersecurity-awareness-month