Welcome to Cybersecurity Awareness Month!
The month of October is Cybersecurity Awareness Month. The National Cybersecurity Alliance (NCA) has partnered with US government agencies to promote understanding of security topics. Many communities and security companies use this month as an opportunity to reach out to the general public as well. This year, I have partnered with NCA as an awareness champion to promote four topics with my readers. On top of that, I will be reposting related threads on Twitter and sharing additional opportunities that could benefit you.
The four NCA topics for Cybersecurity Awareness Month are:
Phishing: Recognizing and reporting spam or malicious emails. This attack’s success rate depends on the end user knowing what to avoid in their email inbox.
Multifactor Authentication (MFA): Passwords are not a panacea; credentials can be stolen or brute-forced by attackers. MFA is an additional layer of defense for authentication.
Password Management: Almost three decades ago, the movie Hackers said the most common passwords are love, sex, secret, and god. Even if a password is not on a commonly used list, company policies could force changes too often. Users also tend to reuse passwords between personal and work accounts. Using strong passwords and a password manager simplifies password problems.
Software Updates: Security researchers often report bugs to vendors and the only way to remove vulnerabilities is by updating to the fixed version. Automatic updates and not skipping key changes help to keep you protected.
The NCA has published numbers from Symantec, user polls, and other research to provide data on common issues with each of these topics. I will be using these resources to share introductions, some best practices, and stories of how even new controls have their own downfalls.
Other ways to get involved with Cybersecurity Awareness Month
Offensive Security’s “See yourself as an OS__” series
OffSec is talking with its large community of certificate holders to show possibilities for new students looking to take their training. As the world of security broadens from penetration testing to a diverse field of roles, OffSec has expanded its training material. For example, developers can learn ways to secure their code.
Throughout the month, different speakers will share their experience in various job roles and how an always-learning mindset of “Try harder” can benefit you.
HackTheBox CTF and discount
HackTheBox is also participating this month by sharing awareness tips, providing discounted access to their VIP tier, and running a Halloween-themed CTF starting on October 22. VIP access to their platform is usually $14/month, and it gives you the ability to spin up 300+ retired machines in addition to isolated servers to avoid bumping into other users.
Look for a local community
Infosec and hacker communities are everywhere, in person or online. OffSec and HackTheBox both have Discord guilds with active discussion for people of all skill levels. In-person conferences are also great opportunities for meeting local security enthusiasts. BSides events happen globally, and maybe there is one near you. GrrCON will be held again this month in Grand Rapids, Michigan. Local groups and meetups are great ways to find people to ask about ways to secure yourself or to get into a security career.
This month I will do my best to get more content out to explain these topics and promote companies or communities who are doing their part as well. Please reach out on Twitter at hackerunderdev for comments, questions, or requests on posts this month.
I am also looking for guest posts if anyone is interested.