Though October is termed the “National Cyber Security Awareness Month,†it doesn’t alter the cybersecurity attack rate. So, what does National Cybersecurity Awareness Month actually do and how can it be beneficial? Bill Harrod, Federal CTO at MobileIron gives his take on designing security into the business environment.Â
Cybersecurity, much like the coronavirus, does not pay much attention to the calendar. The fact that October is termed “National Cyber Security Awareness Month (NCSAM)†does not significantly alter the attack rate or the risk for most government agencies. Phishing attacks, COVID-19 related scams, and malicious QR codes are common ways to deliver malicious payloads resulting in ransomware attacks, data loss, and device compromise.Â
School systems, hospitals, and state and local agencies have all experienced significant outages and loss as a result. Additionally, the fact that we are in the final run-up to a nationwide election puts many agencies and cybersecurity professionals on a heightened level of alert in case election-related attacks are detected. Â
In years past, campaigns were targeted, and misinformation attacks were reported as part of the social media and cybersecurity threat landscape surrounding the election cycle. While that is still happening, implementing protections and proactive measures have helped to mitigate the impact.Â
Messages about voter fraud and electronic voting, and issues around mail-in ballots, are escalating the focus on protecting the election process as we begin to turn our attention to election day, including collecting, counting, and reporting the vote. Â
Learn More: Cybersecurity Awareness Month: 6 Tech Leaders on How to Up the Ante on Security
Cybersecurity controls are critical to ensuring the smooth and successful execution of the process of counting and reporting the votes cast. This year, we may see a longer than usual delay in reporting the results, especially given the extremely high numbers of requested mail-in and absentee ballots. The recent decision to allow Pennsylvania to count ballots received up to three days after election day will add to the potential for significant delays in reporting on the results.Â
Again, countering phishing attacks and misinformation during this delay will be critical. People will be anxious to hear the results, and this may increase the likelihood that they will open an email or follow a link that claims to have special insights into the latest results or news. Â
And then in the period from election day to inauguration day, regardless of the outcome of the election, the “holiday season†and the agendas of the political parties will significantly increase the amount of email and the traffic on social media. All that additional traffic poses the threat of being malicious and an attempt to deliver a malicious payload, capture credentials, or install ransomware. Â
Learn More:Â Narrowing the Cybersecurity Skills Gap Starts With Security Awareness Training
What Does the Claxon Call of Cybersecurity Month Mean for Us?
It is the opportunity to make sure our users are reminded and well-versed in looking for and reporting phishing attempts and avoiding suspicious links and QR codes. It also means that we need to be sure to practice good hygiene in the management of mobile devices, compliance policy enforcement, using only trusted and authenticated wi-fi networks, only using approved and vetted apps, and of course using strong multi-factor authentication (MFA) and killing the password once and for all.  Â
The past eight months have presented us with unique challenges as we moved to virtual meetings and nearly 100% telework. The next three months will pose their own unique challenges. Observing the basics of good cybersecurity and being alert and proactive to address these times will give us the best chances of staying safe and well.Â
Let us know if you liked this article on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!