How Cybersecurity Awareness Have Evolved In 20 Years

The White House and Congress have recognized October as National Cybersecurity Awareness Month since 2004. This year commemorates the 20th anniversary of this campaign to promote awareness about the value of cybersecurity and internet safety. What changes have occurred in cybersecurity and malware during the previous two decades? When and what types of threat management tools appeared? The themes of Cybersecurity Awareness Month over the years provide a hint.

First Year and Beyond: 2004 – 2009

During the early years, standard cybersecurity hygiene was emphasized, including maintaining strong passwords, keeping software up to date, and being wary of phishing efforts.

For example, the National Cybersecurity Alliance underlined in 2005:

• Personal information protection, particularly when solicited for personal information online
• Using anti-virus, firewall, and anti-spyware software
• Updating operating systems and web browser software regularly
• Strong passwords or strong authentication techniques are used.
• Creating a backup of crucial files.

Sharing Responsibility: 2009 – 2018

The DHS Secretary launched Cybersecurity Awareness Month in 2009 during an event in Washington, D.C. The DHS Secretary was the highest-ranking government official to take part in the campaign’s actions at the time. During this time, cybersecurity was highlighted as a shared duty encompassing individuals, businesses, and governments.

Start of the STOP. THINK. CONNECT Program: 2010

The STOP. THINK. CONNECT. program was launched in 2010 with a proclamation from President Barack Obama during Cybersecurity Awareness Month. The project continues to address human behavior online and for good causes. According to the most recent Verizon Data Breach Investigations Report, the human factor remains a primary driver of 74% of breaches, including social engineering hacks, errors, and misuse.

Built-In Security: 2014

There was a new emphasis on incorporating security into information technology products. The National Cybersecurity Alliance claimed that security is a critical component of software design, development, testing, and maintenance. Back then, the purpose was to involve stakeholders and educate others on what to do and look for in products. The theme is even more relevant now, as seen by the current National Cybersecurity Strategy. The approach recommends additional policies and laws to encourage software suppliers to use secure development practices.

The Encryption Era: 2015 – 2019

The 2015 IBM Cost of a Data Breach report was the first to provide a full analysis of data breach cost mitigation factors. And the top two factors had a five-year winning streak from 2015 to 2019. During those years, developing an incident response (IR) team was followed by extensive use of encryption.

CISA Was Created: 2018

The Cybersecurity and Infrastructure Security Agency Act of 2018 was signed into law by President Donald Trump in 2018, establishing the Cybersecurity and Infrastructure Security Agency (CISA). CISA works with other government agencies as well as private-sector entities to solve cybersecurity challenges. CISA now leads Cybersecurity Awareness Month programs that the National Cybersecurity Alliance previously led.

The Do Your Part. #BeCyberSmart Campaign: 2019 – 2022

The Do Your Part. #BeCyberSmart campaign was launched during this period. This subject urges individuals and organizations to take responsibility for defending their portion of cyberspace, emphasizing personal accountability and the need to make proactive efforts to improve cybersecurity. Ransomware has developed dramatically as a security concern during the previous decade. The number of ransomware attacks has increased, as has the damage caused by each incidence. Identity and access management (IAM), zero trust, and AI-assisted cybersecurity were among the security solutions that gained traction during this period.

2023 and Beyond

In 2023, CISA is challenging everyone to help ‘Secure our World’ by taking four simple measures to keep secure online:

• Using Strong Passwords that are strong, unique, and random
• Enable multifactor authentication on all accounts that support it
• Identify and report phishing (“think before you click”).
• Software should be updated (automatic updates and patches should be enabled).

The director of CISA stated that with cyberattacks becoming more sophisticated, individuals and families, small and medium businesses, and large companies all play an important role in securing the digital world and keeping it safe. Everyone should do their part this Cybersecurity Awareness Month to “Secure Our World” and adopt key behaviors to promote online safety and security.

As cybersecurity awareness continues to evolve from its humble beginning in 2004, companies and individuals need to do their part to raise awareness of cybersecurity and online safety. At SpearTip, cybersecurity awareness training educates individuals and organizations about best cybersecurity practices and provides the knowledge and skills necessary to protect their systems and data from cyber threats. Our training covers topics such as password security, phishing scams, social engineering, malware, data protection, and network security. By providing cybersecurity awareness training, organizations, and their employees can better understand the risks of the cyber landscape and develop impactful cybersecurity practices that can reduce the likelihood of cyberattacks.  Cybersecurity awareness training is an essential component of any comprehensive strategy to protect sensitive information, such as personal data, financial information, or intellectual property, and to prevent data breaches, system downtime, and other negative consequences that can result from cyberattacks.

If your company is experiencing a breach, call our Security Operations Center at 833.997.7327 to speak directly with an engineer.