Did you know that October is national cybersecurity awareness month? If you didn’t, you are not alone. While you have to give credit to the SANS Institute and others for their effort here, few people outside the Beltway are aware of cybersecurity awareness month – let alone do anything about it.
To me, this is a real shame. The folks in Washington put on a party and no one from outside the area shows up. Heck, even the President gets involved.
This is especially troubling given the lack of cybersecurity awareness and knowledge among working people and the general public. Allow me to illustrate my point. Last year, ESG surveyed 244 security professionals working at enterprise organizations (i.e., more than 1,000 employees) and asked them a number of questions about APTs and other types of security threats and attacks. Within this survey, ESG asked security professionals to rate their organizations on a number of security skills and processes. We found that:
- 49% of organizations rate their non-IT employees’ general security knowledge as “fair” or “poor.”
- 55% of organizations rate their non-IT employees’ knowledge about APT concepts like social engineering as “fair” or “poor.”
So our employees haven’t a clue about good security behavior, but they aren’t alone. Alarmingly, 14% of organizations rated their security staff’s knowledge and skills around APTs as “fair” or “poor.”
You can’t get your driver’s license unless you know the rules of the road, but you are free to take tremendous risks with your organization’s assets if you don’t understand cybersecurity. That’s just crazy if you ask me.
As part of cybersecurity awareness month, CEOs, CIOs, and CISOs should e-mail their entire organizations and tell them to peruse this web site: http://www.staysafeonline.org/ncsam, which is sponsored by the National Cyber Security Alliance.
As your local constable might tell you, ‘ignorance of the law is no excuse.’ It’s time to make sure that all employees and computer users realize that the Internet has become a very dangerous neighborhood and teach them how to avoid the multitudes of dark alleys and seedy con artists lurking around every corner.