It is the 20th anniversary of CISA’s cybersecurity awareness month, marking the beginning of the second decade of this tradition.
While this year’s themes are geared towards personal security, there are ways to implement them within an organization for more cyber resilience so there’s still something to learn here.
Here are the key themes for the year:
These themes are important to be aware of, but on the organizational level, there’s a lot more that can be done to have a robust and comprehensive cybersecurity strategy. First, let’s unpack how these themes can help an organization.
Passwords are the first line of defense against hackers trying to compromise important accounts that can lead to a company compromise or data breach. Account takeover attacks have increased 354% in Q2 of this year compared to the same time in 2022. These attacks can largely be attributed to the huge amount of password data floating around as a result of numerous data breaches.
Passwords are often reused so a data breach that leaks a password and email combination can be used by a threat actor to compromise a completely different account. This is why it’s important to use strong, unique passwords, and never reuse passwords across accounts.
Password managers can help to improve password generation and recollection, so organizational leaders may want to recommend that employees use these tools. They can either offer them as an employer perk or recommend the browser-based ones found in Chrome, Firefox, or Safari.
While strong passwords are helpful, an even more useful tool is multifactor authentication, or MFA. This is most commonly experienced when a website sends you a text message or emails you a code after you enter a password, but there are other methods of MFA, such as biometrics, authenticator passwords, and even physical hardware keys.
Google research has discovered that SMS 2FA can block up to 100% of automated attacks, including phishing, one of the more common and dangerous attacks companies face on a regular basis. Cybersecurity leaders should mandate the use of MFA for all accounts available or at least a company’s most sensitive accounts such as email, developer, and database accounts.
Phishing attacks increased 47% in 2023 and led to a loss of $52M in 2022, according to the FBI. Simply put, they’re quite common and companies need to plan for them. They’re essentially impersonation attacks that can lead to malware, ransomware, data breaches, and even direct financial loss when it comes to BEC attacks. Attackers are even using AI tools to improve their tactics, making them even more dangerous for unsuspecting companies.
Employees are often the first line of defense against phishing attacks so it’s important to train employees to spot phishing attacks and have a policy in place to report them. Knowing if you’re being targeted with more sophisticated attacks will help you be proactive and prevent worse kinds of phishing attacks.
Beyond emails, organizations often fall victim to attacks that exploit a system, app, or device vulnerability. These could be bypasses that allow an attacker to compromise a network, or a vulnerability that leaks important information. It’s these kinds of vulnerabilities that can lead to major data breaches, ransomware attacks, and APT attacks, which are long-term compromises. These vulnerabilities can also be exploited against supply chains and SaaS apps to compromise their customers, as was the case with Okta in 2022 and MailChimp earlier this year.
Having a vulnerability and patch management strategy is key for addressing these risks, and that starts with updating software and systems. Cybersecurity leaders can educate their employees and ensure that they have automatic updates enabled to minimize the risk of known vulnerabilities exposing a company.
Taking the right steps to address these themes on an organizational level can help prevent attacks but an organization should do more to ensure they’re prepared against all kinds of attacks. This includes not only preventative measures but proactive measures that will improve response and recovery times in case of a data breach or compromise.
To get a better sense of what a good cybersecurity strategy looks like and how smaller companies can approach the subject, we’ve rounded up some of our best articles, infographics, and eBooks on the subject.
CISA has a good start on cybersecurity but with SolCyber, you can achieve real cyber resiliency.
Check out the links below and if you want to learn more about how SolCyber can help, reach out to us here.