For cybersecurity professionals, October has become synonymous with Cybersecurity Awareness Month, with public and private companies, media outlets, and government bodies looking to drive visibility of some of the most pertinent cybersecurity issues facing society.
But as it heads into its 20th year, is Cybersecurity Awareness Month still fit for purpose? And as the industry contends with burnout, talent shortages, and a rapidly evolving and increasingly complex threat landscape, what needs to happen to safeguard its future?
To answer these questions and more, we sat down with three leading voices in the sector – Richard Stiennon, the award-winning Chief Industry Analyst at IT Harvest and Author of the Security Yearbook, Dark Reading Senior Editor and renowned journalist, Dan Raywood, and Eskenzi’s own Co-Founder, Yvonne Eskenzi, who has driven impactful PR campaigns for more than 300 cybersecurity companies over the past 28 years, taking companies through IPOs and acquisitions worth over $16 billion. Given the multifaceted nature of the industry, their perspectives each spotlighted different thoughts, challenges, and opportunities, underscoring how encouraging input and collaboration from diverse perspectives will be critical as the sector looks to the future.
Is Cybersecurity Awareness Month still important?
Cybersecurity Awareness Month in itself is divisive. As Dan Raywood noted, “It gives the industry a focus point globally to come together and understand what level of awareness users need and what is being provided.” However, Raywood also commented that it would be good to see more of a year-round effort, but nonetheless commented that with “so many governments and organisations behind October, it’s a good way to work.”
This sentiment was echoed by Yvonne Eskenzi, who observed that “not enough is done around it and lots of companies could use this month to raise awareness and do more.” Eskenzi also highlighted how the month can spur creativity, making space for companies to “focus on awareness and come up with creative initiatives they wouldn’t do if we didn’t have it.”
Richard Stiennon, however, offered a different perspective, stating that after such a considerable time, a designated month risks “becoming a little embarrassing. Are we done making people aware? Have we stopped clicking on links? Is cybercrime going away?”
What do you see as the biggest threat facing the cybersecurity industry at the moment?
When asked about the biggest threat facing the sector at the moment, the respondents again offered different thoughts, shining a light on the varied challenges facing professionals and the industry. Stiennon called out automated attack methodologies – think agent AI used by attackers, noting that “most organisations are struggling to get breach response down to days from weeks. As attackers adopt dynamic frameworks, we are going to have to respond in minutes if not seconds.”
Eskenzi spotlighted surging state-sponsored attacks, and how competitive nations are trying to steal intellectual property, cause mayhem, and disrupt economies. As she observed, “Cyber criminals are also becoming far more savvy at stealing people’s data and money from right under people’s noses. People are being caught out more and more and it’s the way our world looks like it’s going to go unless people themselves are more savvy and educated.”
For Raywood, the biggest threats are the longstanding ones – “the same problems that have bothered cybersecurity for many years – legacy malware, vulnerability management, authentication issues, and users being blamed for mistakes. The biggest threat is probably still legacy malware – it doesn’t have the same impact as a zero-day utilizing worm, but continues to cause issues for businesses.”
What’s the most important thing to safeguard the future of the cybersecurity industry?
With the complexity of the threat landscape, endemic burnout amongst cybersecurity professionals, and a shortfall of nearly three million workers, the industry is at a critical inflection point. As companies, bodies, and governments look to protect such a vital sector, it’s clear that a joined-up approach encompassing regulatory support, safeguarding professionals, and technological advancements will be key.
Evolution too will be paramount, as noted by Stiennon, commenting that “the industry is a living breathing thing that can evolve to counter new attack methodologies. The most important thing is to prevent regulations and digital mercantilism from getting in the way of effective defense.”
Highlighting the essential role of protecting the people who are the lifeblood of the sector, Eskenzi spoke to the need to protect the people within it so that they’re not burnt out, overwhelmed, and under-resourced:
“We need to protect them and give them the tools and support to work in hugely stressful environments. It’s why I believe in “Mindful Security”, and why we created The Zensory app with cybersecurity professionals in mind, to help them focus and relax using music, breathwork, and touchpads. Research has shown that just by calming the brain you can be more alert and able to focus better. We’ve had 95% of people recommend it for those working in stressful environments.
“To also help the cybersecurity industry, we could better help our employees become the first line of defence when it comes to fighting breaches, phishing attacks etc. It’s got to be a collective effort.”
This was enforced by Raywood, who said that the most important thing to safeguard the industry was “definitely collaboration – the more people work together the better results are achieved. We’ve seen intelligence sharing between organisations and governments, but also the establishment of national cybersecurity agencies and centers has provided the ability to report and deal with cybercrime. If we all work together, we will not suffer alone.”
Fortunately this collaboration is continuing to increase – as is support for professionals’ mental health. This year’s International Cyber Expo saw the launch of the first-of-its-kind wellbeing corner, in partnership with The Zensory and Jamf, highlighting how wellbeing and mental health are increasingly becoming part of the agenda. Building on this, and fostering collaboration and diversity, will be vital to protect such an important sector, and help it continue to develop for the next twenty years.