Every October brings both Halloween and National Cybersecurity Awareness Month (NCSAM). Most people know about Halloween, but if you’re just coming up to speed on NCSAM here is some background. National Cybersecurity Awareness Month (NCSAM) was established in the United States in October 2004 (yes, this is the 20th anniversary!). It was a collaborative effort between the U.S. Department of Homeland Security (DHS) and the National Cyber Security Alliance (NCSA), a public-private partnership aimed at raising awareness about the importance of cybersecurity and helping Americans stay safe online. Today, NCSAM is a major annual event, engaging a wide range of stakeholders across the U.S., including federal, state, and local governments, educational institutions, and private companies. It serves as a critical reminder of the ongoing efforts needed to protect digital assets and educate the public about the evolving nature of cyber threats. The theme of NCSAM is “Secure Our World”; a focus that applies to both individuals and organizations.
Coming back to both Halloween and NCSAM, while they both can be scary that’s where the similarity ends. Sure, there can be devastating consequences to children’s teeth from Halloween, but the global cost to businesses from cybersecurity is expected to reach $10.5 trillion by 2025, according to Cybersecurity Ventures. Over 1 billion devices (mainly IoT/OT systems) are at risk of botnet infections. And increasingly threat actors are targeting critical infrastructure such as the energy grid, water supplies, and transportation systems. Other recent examples of IoT security include pagers exploding in Lebanon, Flax Typhoon threat actor group being taken down by the US Government, and concerns about election systems being hackable. This month there are more reasons than ever to take IoT security seriously.
The focus of NCSAM is “Secure Our World”, and for enterprises that will have different actions needed than for individuals. Organizations can control things that individuals cannot – supply chain, for example, and they have different challenges as well – such as scale of devices. The good news is that the same principles that guide National Cybersecurity Awareness Month are also the foundation for securing physical security systems, building automation, or other IoT systems. According to CISA, here are the fundamental principles to follow to Secure Our World:
- Passwords: Use strong passwords and a password manager
- Multifactor Authentication: Use it! Turn it on for all systems that support it.
- Software Updates: Ensure all devices and applications are updated to the latest (safest) version
- Phishing: recognize and report phishing attempts
However, some IoT devices may not necessarily follow these principles since they operate differently. For example, the traditional IT phishing approach of sending an email with corrupt links or attachments may not directly exist for IoT systems, but the key point is to look out for efforts to compromise your system through external traffic or methods.
One last point: you don’t need to go it alone. Viakoo has helped many organizations deploy automated discovery and remediation solutions that ensure all IP-connected systems are visible, operational, and secure. Reaching out to Viakoo and others who have travelled the “IoT Security Journey” can save time and money – we’re happy to show you some shortcuts along that journey. Have a wonderfully frightful Halloween this month, but also take to heart the lessons of NCSAM to prevent scary IoT security issues from haunting your business.