Cybersecurity Awareness Month Commentary
October 2023 by Fortra
To celebrate the 20th year of Cybersecurity Awareness Month, the commentary from Fortra on how far education and awareness have come and how cybersecurity can keep moving forward for the next 20 years.
Cybersecurity is complex because it ultimately revolves around people and their desires, fears, and cognitive biases, and people are complex. To improve cybersecurity, we have to work on two fronts: continuously improve and innovate automated solutions, and continually increase people’s awareness of cybersecurity. Cybersecurity Awareness Month is both a driver and a recognition of the importance of these facts. New challenges are on the rise this year, including the malicious use of Large Language Models. New technical solutions will be found, and with the regularly sharpened edge of peoples’ awareness, we will meet these challenges. Here’s to the next 20 years! – Kurt Thomas, Technical Product Manager
Cybersecurity awareness and education have come a long way, but the industry moves fast. The issue isn’t that awareness and education are lacking in content or direction, it’s the ongoing adoption by users who are fatigued by the constant push for "more training" or "more compliance". Pushing users through hours of training videos (many of which turn into "speed runs" for the more knowledgeable user) makes them lose their impact and value. Newer, more engaging education methods need to be identified to cover this gap. These include gamifying learning and education, offering more engaging and interactive tabletop-style exercises, or even having red teams walk through how they coerce users to give up “the keys to the kingdom” so the average user can see malice in action and get a good sense of how far cybercriminals are willing to go just to make incremental progress towards exploitation. All of these would provide something new and interesting to users who may have lost interest in the standard educational methods. Engaging with users in fun and meaningful ways helps to raise the fruit higher on the tree, and it’s high time that fruit gained altitude! – Ryan Maltzen, Cybersecurity Architect
Security awareness training is more applicable now than in years past due to the massive adoption of Internet of Things in home devices. It is no longer restricted to how you can protect the company you are working for today, but how you can protect your own personal data and the data of those close to you. Exposing people to risky cybersecurity behaviors will help them understand how to be more diligent and ultimately protect both internal and personal resources. – Amy Williams, Security Consultant