Data breaches and security incidents experienced double-digit growth from 2015 to 2016, with the business sector up 49%, followed by healthcare, up 35%. Identity theft is the fastest growing crime in North America. Every second, 12 people are victimized by online cybercrime.

These statistics underscore the importance of October’s National Cyber Security Awareness Month (“NCSAM”). NCSAM is designed not only to educate the public and private sectors about cybersecurity dangers, but also to provide them with the tools and resources needed to stay safe online.

Each week, NCSAM 2016 focuses on a specific theme, aimed at raising awareness of the types of attacks our families and our businesses are all vulnerable to:

  • Week 1: October 3-7, 2016 – Every Day Steps Towards Online Safety with Stop.Think.Connect.™
  • Week 2: October 10-14, 2016 – Cyber from the Break Room to the Board Room
  • Week 3: October 17-21, 2016 – Recognizing and Combating Cybercrime
  • Week 4: October 24-28, 2016 – Our Continuously Connected Lives: What’s Your ‘App’-titude?
  • Week 5: October 31, 2016 – Building Resilience in Critical Infrastructure

There’s no denying how revolutionary the Internet is: it’s made the world more connected than ever before. It allows us to communicate in real time with friends and colleagues from across the globe. But it also makes it easier for attackers to access our critical and sensitive data.

Defending against targeted attacks

One of the most concerning threats to come to light recently is the targeted attack, also referred to as an Advanced Persistent Threat (“APT”). Most security experts agree that an APT is far more dangerous than the average cybercriminal, because APTs are perpetrated by highly trained, extremely organized, and oftentimes well-funded organizations or even foreign governments.

Anatomy of an Advanced Persistent Threat Attack:

Hackers target you for political, military, or economic gain. They research your organization extensively, creating a dossier on it:

  • They find an employee contact list, which was accidentally posted online
  • They use that to identify all employees and their roles within the organization
  • They conduct research on each of these employees (using social media, public forums, etc.) until they settle on a handful of key targets
  • A dedicated group of researchers then finds more information about these key targets, in an effort to create a spear-phishing attack
  • With a spear-phishing attack, your five (5) highly targeted employees receive an extremely convincing email (which they’ll believe came from their supervisor) with an urgent request (such as to send over employee records or open an attachment). If the targeted employee carries out the request, the hacker gains access to your company files or technology.

Spear-Phishing campaigns targeting specific employees increased 55% in 2015.

Watch this online video from SANS Securing the Human to learn more about targeted attacks and how they breach our defenses.

The purpose of NCSAM isn’t necessarily to scare people into believing there’s no hope of protecting their data.

Rather, NCSAM is designed to remind people that the best defense against any type of digital attack is knowledge.

In the case of spear-phishing, individuals can protect themselves and their companies by:

  1. Limiting the amount of information that’s shared online
  2. Reporting to their security team immediately if they receive an unexpected email, call, or attachment

The troubling reality of cyberattacks is that they’re constantly evolving. Each day a new strategy and tactic is employed, aimed at exposing online vulnerabilities.

That’s why joining the NCSAM campaign (including the weekly Twitter Chat series, by using #ChatSTC) is so important. By staying updated with the latest tips, news, and resources available, you and your organization can remain a step ahead of attackers looking to target your organization.