National Cybersecurity Awareness Month and Cybersecurity Culture

Fifteen years ago, the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security (DHS) established every October as National Cybersecurity Awareness Month (NCSAM). Back then it was about updating your antivirus software twice a year. Now, thanks to the explosive growth of social media and cloud applications and storage, participation has grown to include a wide range of organizations across the country, representing dozens of industries, and the month is dedicated to protecting both personal and organizational data. To support this mission, Optiv has developed a suite of resources to help individuals and organizations focus on actionable ways of safeguarding themselves against the proliferation of cyber threats.


The truth, though, is every month should be Cybersecurity Awareness Month. Given the stakes, all of us ought to be conscious of our information security every second of every day. For organizations, the best way of accomplishing this is to foster a living, breathing cybersecurity culture.


What is a culture of security?


In most organizations people are the greatest weakness, which is why phishing is the delivery vehicle for 96% of all cybersecurity attacks. A culture in which workers are more aware and vigilant is far less vulnerable. According to a recent ISACA/CMMI Institute report:


An effective cybersecurity culture enables a virtuous circle in which employees, understanding their roles and responsibilities, act as human firewalls. When cyberattacks occur, the enterprise responds in a resilient manner, either by preventing the attack or speeding up the organization’s response and recovery cycle.


Within the enterprise, these dynamic interactions foster communication and understanding across department or geographic siloes. Organizations can leverage this alignment on security to speed legal compliance with ever-changing regulations or strategic rollouts of new technology, adding greater adaptability to the enterprise as a whole.


These advantages are universally understood—but hard to achieve.


Several important business benefits have been achieved by the 40 percent of organizations that express strong satisfaction with their cybersecurity culture. Within that group, a resounding 84 percent of employees say they understand their role in cybersecurity enforcement and 92 percent say that their C-level executives share an excellent understanding of the underlying issues.


The study demonstrates employees in effective cybersecurity cultures:



  • Recognize their role in endpoint security
  • Participate in regular training programs
  • Actively engage with the behaviors and habits outlined by their cybersecurity program


As a result, these organizations experience benefits such as:


  • Increased visibility into potential threats
  • Reduced cyber incidents
  • Post-attack resilience to resume operations
  • Increased capacity to engage in new business
  • Consumer trust in their brand offerings


Cybersecurity culture benefits can actually be quantified. Red team exercises have shown these new patterns of behavior significantly drive up the cost of penetration, making the organization a far less attractive target for cybercriminals.


We encourage you to download and share the informational assets we’ve developed for NCSAM.


More importantly, don’t treat it as a one-month event. Use NCSAM as a springboard to build the sort of culture that turns your people into – as ISACA/CMMI puts it – “human firewalls.”


You’ll know you’ve cultivated a true cybersecurity culture when vigilance isn’t something people remind themselves to do but something they do without thinking about it.


October is National Cybersecurity Awareness Month, and all of us at Optiv encourage you to think about your awareness levels and behaviors. No matter how great a job you’ve been doing, a little brush-up can only benefit you and your organization. We’ve put together a suite of resources to help promote better cybersecurity practices and you’re invited to download it for free.