Microsoft Security
Feature article

Why is Cybersecurity Awareness Month important?

By Vasu Jakkal, CVP Microsoft Security, Compliance & Identity

October is Cybersecurity Awareness Month, and this year it highlights the importance of cybersecurity education for all around the theme: Do your part. #BeCyberSmart. With more workers using personal and corporate devices interchangeably, it’s even more important to be cyberaware. As new vulnerabilities arise, “security for all” becomes even more integral to organizational success.

2021 has been a watershed year in cybersecurity. The pandemic continued to bring new challenges as attackers took advantage of overstretched security teams to unleash new human-operated ransomware, malware, and nation-state attacks like those against Colonial Pipeline and JBS Food. With the move toward hybrid/remote work, security professionals have found themselves with more endpoints to manage and secure. Practicing basic cyber hygiene—applying security patches and updating software and apps—is a simple way to empower your organization.

Security for all begins with education 

Employees are still falling prey to phishing scams at alarmingly high rates. According to the 2020 Gone Phishing Report produced in partnership with Terranova, it’s not just smaller and under-resourced organizations that are at risk. Large and well-equipped organizations are also vulnerable. 

Figure 1: Phishing click-through rates by organization size.

Training and education continue to be top of mind for security professionals and their organizations. According to the data from The SANS 2021 Security Awareness Report, over 75 percent of security awareness professionals spend less than half their time on security awareness, implying awareness is too often less than a full-fledged effort.[1] During the pandemic, 32 percent of survey participants reported an increase in time spent educating and supporting users on security practices on an ad hoc basis.[2]

That’s why Microsoft Security is providing educational content to help organizations #BeCyberSmart and learn how to keep safe at work and at home.  

On October 7, we will release the 2021 Microsoft Digital Defense Report (MDDR), which examines recent trends in cybercrime, establishing hybrid workforce security, combating disinformation, and much more—bringing together integrated data and actionable insights to help the global community strengthen our collective digital ecosystem. 

 
Making it a safer world together 

In a world of remote and hybrid work, anything less than comprehensive security will leave an organization vulnerable. Comprehensive security goes beyond technology to include education—keeping people updated about the latest threats and teaching them how to safeguard their identities, data, devices, and home networks. At Microsoft, we’ve built a site that provides education on cybersecurity for all, and we invite you to learn more.

The 2021 Cybersecurity Awareness Month theme, “Do Your Part. #BeCyberSmart,” is meant to engage everyone from individuals to corporations; empowering all of us to protect our online life and create a safer world for everyone: 

  • Be Cyber Smart—We will highlight best practices and focus on general cyber hygiene, starting with the basics: strong passwords, multi-factor authentication, backing up data, and updating your software regularly with all available patches. Microsoft Security provides some great resources on our site that show you how you can keep your accounts secure, protect yourself from threats, and go passwordless. In addition, Microsoft Stores are providing cybersecurity training for small business owners and will cover the key areas of security, compliance, identity and device management as the interdependent parts that all businesses need today. 
  • Fight the Phish!—Learn how to recognize messages or chats that come from a stranger or someone not in your normal work circles (e.g., C-suite executives, purchasing orders). This year Microsoft will sponsor the Terranova Gone Phishing Tournament and has put together some guidance with them on how you can protect yourself from phishing. The Gone Phishing Tournament™ is a free annual cybersecurity event open to security and risk management leaders.
  • Explore. Experience. Share (cybersecurity career awareness) — The National Initiative for Cybersecurity Education (NICE) in a week-long campaign to promote the exploration of cybersecurity careers. Microsoft is actively reaching out to students, veterans, people re-entering the workforce, and anyone with an interest in being part of this vital segment of the 21st-century workforce. Microsoft Security will be part of our first Microsoft Student Summit (S2), a three-day virtual skills event designed to inspire higher education students on their employability journey. The S2 event aims to help students learn from Microsoft executives, explore the latest Microsoft technologies, and speed up their path by skilling up and raising their profile. We’ve also made it easy for students to get ready for Microsoft certification by offering additional daily live four-hour exam cram sessions aligned to the Microsoft Fundamentals certifications—featuring Azure Data, Security, Identity and Compliance, and Power Platform.      

Diversity in cybersecurity is one of our greatest opportunities. Currently, women represent only 24 percent of the cybersecurity workforce, which means we must ensure girls and women see themselves in cybersecurity’s many pathways. Microsoft Security has teamed up with Girl Security, which is pioneering new approaches to building a cybersecurity workforce that reflects the nation, communities, and people it’s working to secure. Through an open-source curriculum designed to support adolescent and adult girls, women, and gender minorities, Microsoft Security and Girl Security are working to demystify cybersecurity, highlight visible role models who share their learned insights, and inspire these populations toward cybersecurity’s purposeful mission and in-demand skills. We’ll also announce more educational initiatives; so stay tuned to our security blog and look for updates here. 

  • Cybersecurity First—This means making cybersecurity training part of employee onboarding and equipping staff with the tools they need to stay safe. For individuals, it means keeping cybersecurity top-of-mind every time you connect, whether from home or at work. Always consider your security and privacy settings; wherever possible, move to passwordless sign-on. We’ll highlight best practices for hybrid work from Microsoft CISO Bret Arsenault and encourage you to view all the featured articles to make cybersecurity a priority.
     

Your security resource, year-round 

Microsoft’s approach to comprehensive security means we go above and beyond our end-to-end security solutions—we also help our customers use technology securely through education and by providing best practices. We’re helping people have a safer online experience by making the 2021 Microsoft Digital Defense Report—one of the most highly downloaded reports Microsoft Security has created—freely available to all on our website on October 7th. Throughout the month, look for upcoming blog posts providing in-depth information and helpful tips for each themed week of Cybersecurity Awareness Month 2021. To access training, certifications and other resources that you can share with your organization, visit the Microsoft Security Cybersecurity Awareness education page. 


To learn more about Microsoft Security solutions, visit our website. Also, follow us at @MSFTSecurity for the latest news.

[1] 2021_Security_Awareness_Report_vF.pdf (screensteps.com)

[2] Information Security Professionals in the time of COVID-19 (microsoft.com)

