Technology has become an integral part of life. The rapid digitisation of a multitude of aspects across both our personal and professional lives has undoubtedly brought a wealth of opportunities and convenience. However, it has also exposed us to an ever-evolving realm of cyber security concerns.
This year, as we mark the 20th anniversary of National Cyber Security Awareness Month (NCSAM), we find ourselves at a critical point where knowledge and vigilance are essential for safeguarding our digital world.
What is Cyber Security Month 2023?
October is a pivotal month in the calendar for the security industry. Cyber Security Month, also known as National Cyber Security Awareness Month (NCSAM), is an annual event observed across the United Kingdom, the United States, and Europe. Ultimately, the overarching aim is to address the importance of cyber security, together with promoting sound cyber security practices among individuals and at every level within the corporate world.
Throughout Cyber Security Month, a collaborative effort is made by government agencies, non-profit organisations, and cyber security experts to share educational collateral, conduct workshops, host webinars, and organise various events. These initiatives are designed to empower people to understand and address cyber security threats and challenges effectively. Topics covered often include online safety, password security, identifying phishing attempts, data protection, and the significance of keeping software and systems up to date.
The month-long campaign encourages both individuals and organisations to take proactive steps to strengthen their cyber security posture, mitigate the risks associated with cyber-attacks and protect sensitive information. Furthermore, it opens up the dialogue on best practices in cyber security and the ever-evolving landscape of cyber threats.
Cyber Security Month serves as a reminder that we are all, as individuals, responsible for staying well-informed about cyber security and for adopting robust cyber security habits in order to safeguard the organisations within which we work in this digital age.
When is Cyber Security Awareness Month 2023?
This year marks the 20th anniversary of National Cyber Security Awareness Month (NCSAM), which is observed annually throughout the month of October.
As part of a collaborative effort between government and industry, organisations across the globe will be taking part in initiatives to advance security education and awareness. This October, our focus will be on tracing the evolution of security awareness and identifying the ongoing measures required to protect both the public and private sectors against the continually changing landscape of cyber threats.
What is the theme of Cyber Security Awareness Month 2023?
#BeSmarterThanAHacker is the theme this October. This theme emphasises the importance of knowledge and tools for employees to protect themselves and their organisations from cybercriminals.
Employees remain the target for over 90% of successful cyber security attacks, making them central to the majority of modern-day cyber-attacks. Criminals aim to exploit them to gain access to critical business systems, sensitive data, and financial assets.
With this hard-hitting stat front of mind, it’s clear it has become increasingly vital for the workforce to be trained in identifying cyber security threats and adopting proper practices to prevent them.
What's the primary cyber security threat in 2023?
In 2023, phishing attacks emerge as the most significant threat to businesses and individuals. This is substantiated by the findings of the 2023 cyber breaches survey published by the UK government in which 89% of businesses cited a phishing attack as the root cause of a cyber breach.
Phishing attacks manifest in various forms but share the common goal of deceiving individuals or organizations into disclosing sensitive information such as login credentials, financial data, or personal details. Here are some examples of phishing attacks:
Attackers send deceptive emails that appear legitimate, often impersonating banks, social media platforms, or trusted companies. These emails contain links to fake websites designed to steal login information.
Attackers target specific individuals or organizations, tailoring their phishing messages to appear highly personalized, often using information gleaned from social media or other sources.
Vishing (Voice Phishing)
Attackers use phone calls to impersonate trusted entities like bank representatives or tech support, coaxing victims into revealing personal or financial information over the phone.
Smishing (SMS Phishing)
These attacks use text messages to deceive recipients into clicking on malicious links or sharing sensitive information, often claiming to be from a bank or government agency.
Cybercriminals tamper with DNS settings or use malicious code to redirect victims to fraudulent websites where they unwittingly enter their login credentials.
Attackers copy legitimate emails, make minor modifications, and send them to targets, making the email appear genuine and increasing the chances of success.
Phishing emails may contain malicious attachments, such as infected documents or files, which can install malware on the victim's device.
CEO Fraud or Business Email Compromise (BEC)
In BEC attacks, the attacker impersonates a high-ranking executive within an organization and requests financial transactions or sensitive information from employees, often resulting in financial losses.
Search Engine Phishing
Attackers create fake websites that mimic popular search engine results, leading users to fraudulent sites designed to steal their information.
These attacks occur on social media platforms, where attackers create fake profiles or impersonate real users to gather personal information.
Phishing emails may deliver ransomware, encrypting a victim's data and demanding a ransom for decryption.
Phishing attacks often serve as a vehicle to deliver harmful payloads like malware or ransomware, but they can also be as simple as requesting information via email, phone calls, text messages, or in-person conversations.
How to Stay Secure during Cyber Security Awareness Month
Given that a majority of cyber-attacks, especially phishing attacks, target employees, it is crucial for businesses to invest in securing both their systems and their people with technology. With the added risk posed by remote working, which has become widespread in the UK, organisations heavily rely on their workforce's ability to detect and prevent cyber threats. Despite industry-standard phishing protection solutions such as email security, web security, and cloud access security brokers, cybercriminals continually find ways to circumvent these measures and target employees.
The most effective approach to address this challenge is to implement a comprehensive security awareness training and testing program for staff. We strongly recommend a fully managed security awareness program to ensure that your business doesn't expend excessive time, resources, and finances on training and maintaining staff cyber vigilance.
Security awareness training has been proven to reduce risks within organisations. At Focus Group, through our Cyber Security Awareness (CSA) services, we have assisted over a thousand businesses and more than 500,000 employees in understanding the cyber risks they face. We provide businesses with evidence of their workforce's resilience against phishing attacks and offer ongoing measures to ensure their security remains robust as cyber threats evolve and the threat landscape changes.
If your organisation could make a single investment during Cyber Security Awareness Month to significantly enhance its security posture, it would be fully managed Security Awareness Training and Testing (SATT).
Our IT world, together with the ongoing development of this business-critical portfolio of services, is in very capable hands with Laurence at the helm. IBM-trained and with a 22-year track record of proven success in the IT sector, Laurence is perfectly placed to lead the overall IT strategy for Focus Group, ensuring we’re at the forefront of product development and service innovations in order to deliver the best possible IT technologies for our customers.