Why Do We Still Need a Cybersecurity Awareness Month?

The threats are out there all the time. Why do we still need an awareness campaign every single year?

It is that time of the year again. Like every previous October, this one is no different. Somebody has to tell you the ultimate secret to being safe on the Internet. Use a strong password.

So you did it. You finally changed your “password” to a “strong password” and are now safe. Or are you?

Security is a process — a strong password is just a start

As the headline says, security is a process. Not a one-time thing. It is not enough to change the password here and there and use stronger and stronger variations.

The downside of having a traditionally suggested strong password? It is nearly impossible to remember it.

How can you remember a random string of at least 16 characters?

For all the accounts you have?

It is damn near impossible. You either need a password-generating system that makes it easier for you or you can use some password manager.

Using a password manager is great, but unless you can guarantee that the passwords stored within it are safe, you should not use one.

Alternatively, you can go with a password-generating system, for which you only have to remember the system itself and can generate all the passwords you need.

With that, you can have a strong password for everything, but you are relying on no one guessing that you are using a system and how it works. Unless you are a victim of a targeted attack, that should not happen.

So, a strong password is just a start. You just went down the rabbit hole.

Immunity against automated threats

Bots are responsible for most of the internet communication. The same applies to attacks. Why?

Because many still use outdated systems and software.

Google Chrome had 22 newly published vulnerabilities on the 26th of September. The more popular a software is, the more targeted it is.

Whenever there is a new patch, you should update your software to close the security holes that bots will exploit en masse while trying to get easy access to systems.

The Nigerian prince strikes again

We all know of the Nigerian prince phishing scams, but there are still people who fall for these kinds of tricks. According to CNBC (2019), they still earn about $700k per year on such scams.

No wonder. This kind of scam dates back to the late 1700s in France. It was effective in the days of postal mail, and nothing will change with its digital form.

Attacks leveraging social engineering are gaining popularity. Why?

It is easier to fool a person than to fool a computer.

A computer is strictly logical. People act on emotions. All it takes to compromise anyone is to catch them at their worst. And that sadly happens.

Fraudulent emails are ever-present. Generally speaking, no one legitimate ever needs your password or access to your computer. So do not give it to anyone, no matter what they threaten you with.

The cost of a cyber attack

In today's world, all malicious actors need to do is pay someone to find them a zero-day vulnerability, which on average costs about $2M (based on bug bounties, etc.). Once they have that, they can target big companies.

The price of a zero-day vulnerability is high, but it is nothing compared to what they can gain. Just look at the average ransom enterprises are asked to pay after being hit by a ransomware attack.

It is nearly $1M. You get three companies to pay it and you are running a profitable operation. No wonder cybercriminals are no longer loners but work in highly organized groups.

We can even say that they formed a digital mafia. Terrifying, is it not?

The need for awareness

Because cybersecurity is a process, it is not a one-time thing. We cannot just state the recommendations for being secure once. That does not bring lasting results.

Security comes from technologies, processes, and people. And if people are to be secure, they must make security their habit. And as you know, building a habit is not a one-time action either.

Cybersecurity Awareness Month helps us get closer to it, although doing it once per year, even if it is for a whole month, is not enough. It is still better than nothing.

Stay aware. Stay secure.

Let me know how you feel about what you have just read. I am looking forward to hearing more from you! If you liked what you just read, try to see how many times you can hit 👏 in five seconds — not only do you get a little bit of extra movement (burn that one calorie), but you also help me reach more people with my writing. Keep tuned in for posts that are yet to see the light of the world, follow to not miss out.

Thanks for reading and take care!

Jakub Jančík

Cybersecurity Enthusiast | Sales Engineer/Account Manager | Freelance Copywriter | LARPer | Gamer | Torturer of Pianos (and Ears)