This year marks the twentieth anniversary of Cybersecurity Awareness Month, when we partner with the National Cybersecurity Alliance, the United States Cybersecurity and Infrastructure Security Agency (CISA), and organizations around the world to amplify the importance of cybersecurity best practices and how to be cybersmart. Initially, this moment started as a United States national awareness initiative and has grown to a global moment. Rightfully so, with a worldwide skills gap of 3.4 million cybersecurity workers,1 and the increasing sophistication of cyberthreats, security professionals are overloaded and often do not have the time to educate their organizations on how to stay secure. Given this, we are delighted to help our customers, partners, and the future generation of cyber defenders with educational tools to stay safe.
Why is cybersecurity awareness and education critical?
To understand the importance of exercising cybersecurity awareness with your entire organization, consider these stats:
- The average cost of a data breach in 2022 was USD4.35 million.2
- The median time for an attacker to access your private data through a phishing email is 1 hour and 12 minutes.3
- 15 percent of lifestyle apps are malicious.4
- There are 4,000 password attacks per second.5
As security awareness is ultimately about managing human risks, companies can go a long way by offering cybersecurity educational and skilling resources.6 For example,multifactor authentication can prevent 99.9 percent of attacks on accounts and it starts with educating our teams about the importance of multifactor authentication.7
An example of a best practice for cybersecurity awareness is one of our customers, the Campari Group, where the security team adopted a structured approach to educate the rest of the company on cyber defense. Every new employee receives a welcome email that provides practical information and resources about the company’s cybersecurity policies and training so they can help manage threats from the first day on the job, besides hosting a series of monthly security awareness campaigns.
With this in mind and by working with more than 1 million security customers and our 8,500 security experts, Microsoft is focused on helping you educate your organization and on reinforcing that everyone has a role to play in cybersecurity.8Here are some of the key areas where we are focused on educating users this month—and all year round—that you can explore more by downloading our Be Cybersmart Kit.
Protect your devices
It is vital to protect your internet-connected devices by keeping your software current with the latest security updates. To help keep your devices safe:
- Set up automatic updates to make the process smoother and decrease the risk from ransomware and malware.
- Carefully check privacy and security settings to ensure they’re set to your desired level of information-sharing any time you sign up for a new account, download an app, or acquire a new device.
Passwordless is the key
Hackers don’t break in—they sign in. So a good way to protect one of attackers’ most common entry points is by going passwordless with authentication solutions. For when passwords are needed, there are a few steps you can take to be safer:
- Use your browser’s password generator to create stronger passwords.
- Length—at least 12 characters—matters more than complexity, and a password manager can help you keep track.
Multifactor authentication is a must-have
Multifactor authentication can protect 99.9 percent of the attacks in your accounts by offering stronger security than relying solely on passwords. Check your devices, apps, and account settings to enable multifactor authentication, such as two-step authentication or biometrics.
Phishing only works if you take the bait
1 hour and 12 minutes is the average time for an attacker to access your private data if you fall victim to a phishing email.3 Complacency can lead to clicking on a malicious link in an email, phone message, or social post. So, how can we avoid taking the bait?
- Check the sender’s email address for verifiable contact information and phishing tip-offs such as an unrelated sender address. If in doubt for any reason, do not reply.
- Don’t click on links or open email attachments unless you have verified the sender.
- Check out the Gone Phishing Tournament, where we partner with Terranova Security in an interactive way you can test your organization’s phishing resilience.
Security is important for every customer size
While following security best practices goes a long way toward keeping your employees, customers, and data safe, we know this effort takes a village and should permeate organizations of all sizes. Small and medium businesses face an even more challenging landscape—increasing cyberthreats, along with a lack of sophisticated security solutions and limited security staff, making them particularly vulnerable.In 2021 for example, 82 percent of ransomware attacks targeted small businesses, with thetotalcost of these cybercrimes reaching USD2.4 billion.9 Given this, Microsoft is providing small businesses with the same level of protection that we provide to larger organizations but in a more affordable way. To celebrate Cybersecurity Awareness Month, we are offering a special promotion and announcing innovationsfor our small and midsized businesses and partners to advance them further.
You can find many more best practices and educational resources for organizations of all sizes in our cybersecurity awareness website, including infographics to share with your organization on how to be cybersmart regarding phishing, scams, passwords, and devices.
Empowering safety through innovation
We believe that innovation plays a huge role in facilitating the work of security professionals to help them be more efficient and focus on what they do best. Microsoft is in a unique position to transform security for our customers, not only because of our investments in AI, but also because we offer end-to-end security, identity, compliance, and more across our portfolio. We can cover more threat vectors and deliver value with a coordinated experience across security. Byembracing generative AI and simplifying otherwise complex toolsets, we can help organizations turn the tables on attackers.
We also strive to keep individuals and families safer at home and on the go. It’s more important than ever to have holistic protection for your identity and devices. That’s why we introduced credit monitoring and privacy protection in addition to device and identity protection to our security solutions. Now, consumers can monitor credit signs of malicious behavior and take action to stop the threat in real time. These novelties also improve user experience when unsecure Wi-Fi is used, like a coffee shop or airport, maintaining one’s privacy with a VPN. We innovate faster to allow our customers and consumers to do the same.
Celebrate cybersecurity awareness all year round
Cybersecurity Awareness Month holds special significance globally as it brings together industry, academia, and government with a united mission to keep our users safe. However, as I have said before, it is vital that we implement cybersecurity awareness and education all year round.
Toward this end, we’re committed to supporting students and professionals who are interested in the industry through education programs for both primary and secondary schools, colleges and certifications. We also partner closely with organizations such as Girl Security and Women in Cybersecurity (WiCyS), both recognized by the White House’s National Cyber Workforce and Education Strategy, to help increase diversity in the industry through mentorship programs, and we aim to help recruit 250,000 people into the worldwide cybersecurity workforce by 2025 through financial and scholarship opportunities. Throughout October 2023, we’ll be sharing more about our commitment to cybersecurity education, alongside the launch of the new Minecraft Education Cyber Defender edition.
Cybersecurity Awareness Month is more than an opportunity to refresh your cybersecurity savvy and learn new security skills. It’s a reminder of how collectively we can achieve more and make the world a safer place. Explore our Cybersecurity Awareness Month resources, including learning paths, certification opportunities, and the latest threat intelligence insights and cybersecurity innovations. Happy Cybersecurity Awareness Month!
Learn more
To learn more about Microsoft Security solutions, visit ourwebsite.Bookmark theSecurity blogto keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity)for the latest news and updates on cybersecurity.
1ISC2 Cyber Work Force Study, ISC2. 2022.
2Cost of a Data Breach Action Guide, IBM. 2022.
3New Windows 11 security features are designed for hybrid work, David Weston. September 20, 2022.
4Leading malicious mobile app categories worldwide in 2018, Statista. July 7, 2022.
5Microsoft internal data.
62023 Security Awareness Report, SANS. 2023.
7One simple action you can take to prevent 99.9 percent of attacks on your accounts, Melanie Maynes. August 20, 2019.
8Microsoft Fiscal Year 2023 Fourth Quarter Earnings Conference Call, 2023.
9FBI Releases the Internet Crime Complaint Center 2021 Internet Crime Report, FBI. March 22, 2022.
