In the United States, the U.S. Department of Homeland Security and the National Cybersecurity Alliance (NCSA) started National Cybersecurity Awareness Month in 2004. Meanwhile, the European Union Agency for Cybersecurity (ENISA) was formed in 2005 and began a similar awareness month in 2012.
Although there are slightly different themes in various locations, the idea behind the annual campaigns is the same: to raise awareness and bring the focus of cybersecurity back to us as individuals and what we can do to protect ourselves and our organizations while working online.
As we say goodbye to this month's campaign, let's take a quick look at phishing and social engineering. These are the preferred attack methods of cybercriminals, and they have become increasingly sophisticated. Our best defense against these types of attacks is to take the time to examine the message before taking any action. We need to act as cautiously online as we do offline.
As access to data and computing power becomes ever more widespread, the need for confidential computing will only grow. The Everest Group believes the growth in the market will be "exponential," starting from $1.9 billion in 2021 and expanding by 40% to 95% yearly through 2026. They believe the main drivers are security and cloud projects and the need to manage financial, government, and other private data.
Some things to look out for in phishing messages are:
- Poor Grammar and Demands for Urgent Action
- Links not going to where they say (hover over the link, and you will see the destination address)
- Generic Recipients (true of phishing but not always the case in targeted attacks)
- Promotional Offers that are too good to be true

The graphic below is courtesy of https://cybersecuritymonth.eu
For further information on campaigns in the U.S. and Europe, check out CISA's Cybersecurity Awareness Month and ECSM.