Consider Cyber Awareness Month (CAM), which overlaps with another better-known occasion: Halloween. Cyber awareness and CAM have faced allegations of fearmongering in the past, but this isn’t — or shouldn’t be — the case. At times, some vendors or individuals arguably exploit worries about cyber threats to market their products or convince people of their necessity.
But this is a delicate balance to strike. While it is true many security professionals are already struggling under the weight of their responsibilities, Cyber Awareness Month is a time for home truths. The grim reality is that cybercrime is getting worse. According to the Veeam Data Protection Trends Report 2023, 85 percent of organizations suffered at least one cyber-attack in the preceding twelve months, an increase from 76 percent experienced in the prior year. So, in many ways, our current approaches are failing. Does that mean Cyber Awareness Month is failing too?
Awareness: Where Next?
One of the main criticisms of Cyber Awareness Month — or any awareness day/month, for that matter – is that it should be a priority year-round. This is true to an extent. Cyber awareness (and preparedness) must always be on the agenda. But that doesn’t mean we don’t also need an awareness month. After all, if every day is ‘awareness day,’ it quickly becomes just a typical day.
Awareness is just the start — acting on it sets you apart. This is where a focus on ‘Awareness’ can sometimes be detrimental. Overloading security professionals, particularly those with limited teams or budgets, with an endless list of problems and priorities to address can result in ‘analysis paralysis,’ leaving security teams unsure of where to start.
Here, Cyber Awareness Month could bring about a positive change. We should use CAM to implore organizations to commit to something small to improve their security situation today. For instance, to patch one thing every day of October, or to test their recovery process. After all, actions speak louder than words, and a journey of a thousand miles begins with a single step.
Going Full Circle
That last example of testing the recovery process is critical. Amidst the multitude of messages and opinions coming out of Cyber Awareness Month, it is imperative to note that we still see businesses dropping the ball time and time again.
As we enter 2024, businesses must be prepared for a cyberattack and ready to respond to, and recover, from an incident. To flirt with that fear-monger tag mentioned earlier, cyber incidents will happen. In the current environment, it’s more a matter of when than if. But, as bizarre as it might sound, this is okay! If businesses are well-prepared, it’s not a doomsday event, just an unfortunate reality of modern business.
Being prepared for a cyber incident means having secure backups that can’t be targeted by malware like ransomware. Knowing exactly how you’d respond and recover from an incident is just as important. Too few businesses test and prepare for the worst-case scenario, not considering recovery environments or backup cleaning until it’s go-time. The middle of an active cyber incident is not the time to learn such lessons.
Security is still important, of course, but the last line of defense, backup and disaster recovery, has become just as important as the first. It’s another area for Cyber Awareness Month to evolve in the coming year – to come full circle and cover the full spectrum of cyber resilience. Of course, “Cyber Awareness, Preparedness, Response, and Recovery Month” doesn’t have the same ring to it.
Image credit: AndrewLozovyi/depositphotos.com
Dave Russell is Vice President, Enterprise Strategy at Veeam Software. Dave has 33 years of experience in the backup/recovery and storage management industry as a developer (IBM), industry analyst (Gartner) and strategist (IBM and Veeam). At Veeam, Dave is responsible for driving strategic product and go-to-market programs, spearheading industry engagement, and evangelizing Veeam’s vision for Modern Data Protection and Veeam in the Enterprise at key events across the globe. Follow Dave on X (formerly Twitter) or LinkedIn.
