Since 2004, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) have led a collaborative effort (at the direction of the President and Congress) to raise cybersecurity awareness nationally and internationally. With October marked as Cybersecurity Awareness Month, individuals and organizations are given the tools to ramp up their cybersecurity education efforts. The theme for 2022 is "See Yourself in Cyber," putting the people aspect of cybersecurity front and center.
This focus on people is two-fold. First, there is the individual and personal responsibility each of us has to understand good cyber hygiene and conduct ourselves online in a way that protects the networks we depend on. Second, there remains a huge gap between the number of cybersecurity professionals and the number of roles that need to be filled. The "See Yourself in Cyber" theme invites more people to see their roles and skills in a cyber light, creating a bridge across the cybersecurity skills gap.
The key actions the campaign asks people to take are:
- Enable Multi-Factor Authentication
- Use Strong Passwords
- Recognize and Report Phishing
- Update Your Software
Government is, of course, focused on these elements and more in its move toward a zero trust architecture, mandated in the Cybersecurity Executive Order. In fact, one recent study found that the government leads industry in adopting zero trust security architectures, with 72% of agencies reporting at least one related initiative underway. It may be oversimplifying these activities to group them in the consumer-friendly verbiage of the Cybersecurity Month campaign, but doing so shows how much of a difference these steps can make.
Enable Multi-Factor Authentication
The study referenced above found that 66% of respondents had already implemented multi-factor authentication (MFA) for government employees, with an additional 41% planning to do so within 12 to 18 months. The practice of MFA is becoming familiar. Upon logging in, a code is texted to the user as a second step in the process. Moving forward, MFA could be even more seamless. Distributed digital identity solutions, such as a web-based API, allow websites to add token-based authentication to their platforms, which means that if one government agency enrolled a user, that identity could be used across any other government agency.
Use Strong Passwords
Of course, with the introduction of multi-factor authentication, organizations move beyond using just passwords, but they are still a part of the mix. In line with zero trust principles, identity, credential and access management (ICAM) solutions are becoming more critical for agencies to ensure that the right person with the right privileges can access the right information at the right time. Implementing identity-as-a-service is one way agencies are bridging the skills gap, allowing them to implement cutting-edge access technology without having identity experts on staff.
Recognize and Report Phishing
The FBI has found that more than $43 billion was lost between June 2016 and December 2021 through phishing techniques that result in the transfer of funds. State and local entities are particularly at risk. The city of Lexington, KY recently lost $4 million when a sophisticated crime ring inserted itself into communications between the city and a nonprofit. City employees received an email they thought was from the nonprofit providing new bank information, to which they then began transferring funds. To prevent incidents like this, agencies must implement more education among employees as well as add multi-factor authentication into critical financial processes.
Update Your Software
Keeping software updated ensures that all security patches are in place and systems are keeping up with the ever-changing threats. For government, this, of course, is more complicated than making sure browsers are up to date and Microsoft Word is using the latest version update. CISA recently advised agencies to begin to ready their systems for forthcoming post-quantum cryptography standards.
In the near future, there could be quantum computing technology capable of breaking public key encryption algorithms. Agencies have to begin working today to prepare for the inevitability of quantum computers that can break standard public key encryption used by today's computers.
GovEvents and GovWhitePapers provide a wide array of resources for individuals and organizations to take ownership of their cybersecurity activity.
- Overcome Organizational Silos to Improve Cyber Risk Visibility (October 4, 2022; webcast) - Local and state governments have many endpoints and networks to manage and protect. Creating a fully integrated approach improves visibility and cohesion among branches of an agency, allowing them to take a proactive stance when it comes to mitigating risks. Learn more about unifying security approaches in this webinar.
- Identity Week America (October 4-5, 2022; Washington, DC) - This conference and exhibition brings together the brightest minds in the identity sector to promote innovation, new thinking, and more effective identity solutions.
- Cybersecurity Summit and U.S. Cyber Challenge 2022 (October 12, 2022; Washington, DC) - Produced by ACT-IAC, this event will address the cybersecurity issues and threats of today with presentations from government and industry cyber leaders, and will also provide a special dedication and awards ceremony to the winners of the U.S. Cyber Challenge.
- Don't Let the Phish Bite: Protect Yourself and Others (October 12, 2022; webcast) - This webinar will cover how to identify cyber threats and protect yourself, your family, and your organization including what you should know about phishing, key signs of social engineering, and how to think like a threat actor.
- Authenticate 2022 (October 17-19, 2022; Seattle, WA) - Relying on passwords is passé. Modern authentication systems and standards have emerged to provide more efficient ways for organizations to provide strong security and better interactions with their brands. This event provides education, tools and best practices to roll out modern authentication across web, enterprise and government applications.
- CyberWeek 2022 (October 17-21, 2022; Washington, DC) - An annual movement that brings together top C-Suite leaders from major technology companies, state and federal government agencies, and other influential decision-makers across hundreds of community-driven events. The goal? Sharing best practices and sparking collaboration on big ideas that will revolutionize technology in the U.S. and fend off the next generation of attackers.
- Global Cybersecurity Outlook 2022 (white paper) - The first Global Cybersecurity Outlook flagship report identifies the trends and analyzes the near-term future cybersecurity challenges. The aim of this report is to provide an in-depth analysis of the challenges that security leaders are dealing with, the approaches they are taking to stay ahead of cybercriminals and the measures they are implementing to enhance cyber resilience not only within their organizations but also within the wider ecosystem.
- 5 Cybersecurity Trends Shaping Government Modernization in 2022 (white paper) - Cybersecurity is a perennial focus of government, but with a year of high profile cyber incidents behind us, a new federal mandate, and ongoing remote work, 2022 is shaping up to be a key turning point in how government implements modern cybersecurity practices. This 2022 cybersecurity trend report aims to outline the key trends shaping government's approach to securing data and systems.
For more information on cybersecurity awareness and preparedness, check out GovEvents and GovWhitePapers.