
The industry speaks: Cyber Security Awareness Month 2024

This year’s theme is “Secure Our World”, and that’s exactly what these cyber security experts and industry luminaries are striving to do.

David Hollingworth
Thu, 03 Oct 2024

October has rolled around, which means we’re kicking off Cyber Security Awareness Month – a global effort to make cyber security front of mind for individuals, businesses, and other organisations.

The theme this year is “Secure Our World” – a worthy goal, but one that many of the experts below agree we cannot manage alone.

Cyber security is a whole-of-community challenge, so here’s what our community of cyber security leaders and defenders have to say on how to secure our future from a raft of evolving threats.



Antonio Sanchez
Principal cyber security evangelist at Fortra

In the world we live in, we cannot expect others to protect our personal privacy, so we must take steps to protect ourselves.

This year, for Cyber Awareness Month I challenge everyone to do one new thing that helps protect their privacy and increase the security of our digital interactions.

Here are some ideas to consider:

• If you use the same password/passphrase for all your sites, then start using a password manager and create unique passwords. Start with just a few sites to get used to using it, and then gradually add other sites with new passwords.
• If you use a password manager, increase the number of characters and character types when generating a password.
• If you have never used a multifactor authentication app, start using one. Google Authenticator and Microsoft Authenticator are available for iOS and Android, they are free, and extremely popular, so there are lots of resources and videos to help people get comfortable with using them.
• If you have never used a shredder, then purchase one and get into the habit of shredding mail or other documents with sensitive information you want to discard by shredding them. This includes those copies of tax returns that are over seven years old, those checks that come in the mail from your bank which can be used for balance transfers, and monthly bills.

There are lots of other examples. Just stop and think about anything that contains personal data and a step you can take to protect it.


James Greenwood
Regional vice president of technical account management at Tanium

As we discuss Cyber Security Awareness Month, a lot of IT teams are inevitably feeling stretched. A combination of skills shortages and shrinking budgets means burnout is rife across the industry. In cyber security, this can quickly lead to human errors that open up an organisation to increased risk. Automation is one way to overcome this growing issue.

Automation will change the IT workforce for the better by leading to reduced human error, lowering burnout rates, and improving work/life balance. For example, most patching today needs to happen outside of regular working hours due to systems having to be shut down for hours at a time. With automated patching, this would no longer be the case, leading to happier, more productive teams that are less likely to make mistakes that could cost their company millions.

This Cyber Security Awareness Month, organisations should be thinking about how they can leverage automation tools to support critical tasks, from endpoint monitoring to compliance auditing and patching. This won’t just save resources and reduce burnout but will reduce the overall risk involved in manual cyber security processes.


Simon Berglund
Senior vice president and general manager for APAC at Diligent

Cyber Security Awareness Month is an opportune time to reiterate the critical and accelerating need for proactive governance to address cyber risks. As cyber attacks become more sophisticated, boards and executive teams must prioritise cyber security not just as an IT issue, but as a core element of their governance strategy.

As highlighted by recent legislation, the accountability for cyber failures rests not only on companies but also on individual executives. It’s crucial that organisations implement proactive governance programs, conduct regular risk assessments, and ensure that CISOs are equipped with both the authority and liability protection needed to address these risks effectively. Cyber security should be a shared responsibility, requiring collaboration between legal, compliance, and security teams. Regular, transparent reporting to the board and comprehensive employee training programs are essential to minimise vulnerabilities.

At Diligent, we equip leaders with the tools to stay ahead of cyber risks by offering real-time insights and secure collaboration across governance, risk, and compliance. In today’s fast-changing environment, boards must ask the right questions, engage with cyber security experts, and foster a risk-conscious organisational mindset.

Cyber security isn’t a one-off effort; it’s an ongoing obligation. Now more than ever, it’s critical to build more secure, resilient organisations through an optimised, holistic practice across not only cyber but [also] all GRC executives and the board directors.


Alyssa Blackburn
Program manager, information management, at AvePoint

High-profile data breaches today are often the result of poorly managed systems and a lack of proper information life cycle management. While external cyber threats have grown more sophisticated, many breaches stem from outdated or inefficient internal processes. Too often, organisations focus on responding to external threats while neglecting the internal processes that allow those threats to succeed in the first place.

When critical information isn’t properly classified, retained, or disposed of, organisations are left exposed, increasing the risk of breaches. Stale, ungoverned data becomes a ticking time bomb, ready to be exploited by malicious actors.

To address these vulnerabilities, it’s critical for organisations to prioritise optimising their systems and making secure practices intuitive for employees. Cyber security shouldn’t be an added burden, but should instead be seamlessly integrated into everyday workflows. The right thing to do must be the easiest thing to do, reducing the friction employees face when handling data securely.

Rather than relying solely on employee training or adding extra security tasks, businesses should focus on strengthening their systems, automating data, and simplifying the management of records and information, ensuring compliance and life cycle governance across cloud-based systems. This proactive approach ensures that security measures are effective and easy to follow, with a strong focus on proper information life cycle management – ensuring that data is appropriately classified, retained, and disposed of in a timely manner.

By simplifying security and building resilient, well-managed systems, organisations can better protect themselves from breaches while fostering a culture of cyber security awareness and responsibility.


Andrew Borthwick
Managing director, Australia and New Zealand, Orange Business

Cyber Security Awareness Month arrives as Australia faces a surge in cyber threats, with research from Orange Cyberdefense revealing a 61 per cent increase in cyber extortion attempts against Australian businesses in the past year alone. Australia is now the nation with the highest number of cyber extortion victims in the region. This highlights an urgent need for organisations to prioritise vulnerability management and hyper-automation to safeguard their systems from potential attacks.

This starts with adopting a robust cyber security strategy that acknowledges the severity of the current landscape and encompasses advanced threat detection solutions to identify and neutralise threats in real time. Equally critical is prioritising vulnerability management and penetration testing to proactively uncover and address weaknesses. Regular cyber security awareness training can also ensure businesses are best prepared to respond to threats and issues with confidence.

We understand that cyber attacks represent a clear and present danger to businesses of all sizes and across all industries. While professional, scientific and technical services businesses remain a primary target, cyber criminals are increasingly targeting critical infrastructure and supply chains, posing significant risks to business operations and even national security. Sectors like manufacturing, which make up 13 per cent of cyber extortion victims in Australia, are particularly vulnerable, potentially impacting jobs, productivity, and economic stability.

By creating a ‘trust shell’ around systems through layered defences, Australian businesses can fortify themselves against cyber attacks, ultimately building the resilience necessary to thrive in this landscape.


Adrian Covich
Senior director, systems engineering, Asia-Pacific and Japan, at Proofpoint

A resilient cyber ecosystem is crucial to securing our collective future, especially as we navigate the age of AI. Cyber Security Awareness Month highlights the vital role each of us plays in protecting our digital world, emphasising that organisations must prioritise safeguarding people, not just systems. Cyber attackers are increasingly shifting their focus from exploiting network vulnerabilities to targeting individuals, recognising that human error is at the core of most security breaches. Sixty-nine per cent of Australian CISOs cited human error as their organisation’s biggest cyber vulnerability, up from 51 per cent in 2023 based on Proofpoint’s 2024 Voice of the CISO report.

In response, nearly nine in 10 (86 per cent) Australian CISOs are looking to deploy AI-powered technologies to combat human error and advanced human-centred cyber threats. Unlike networks, people cannot be “locked down” – they work in dynamic environments, using a variety of tools to stay connected. AI provides the critical tools needed to address these evolving threats. Security measures must cover the entire spectrum of communication channels, from emails to collaboration platforms and cloud services, making the use of AI and large language models (LLMs) essential for monitoring and protection.

While AI-powered defences are crucial in the fight against sophisticated cyber attacks, awareness and education remain our most powerful tools. Cyber Security Awareness Month serves as a timely reminder for Australians to stay informed and vigilant: always verify the authenticity of media through multiple credible sources, confirm the identity of suspicious contacts, limit personal information shared online to reduce the risk of identity and data theft, and remember – if it seems too good to be true, it probably is.


Manuel Salazar
Director of cyber services at Orro

Despite increased awareness of cyber threats, we saw the highest number of reported cyber breaches in three years during the first half of 2024. This isn’t set to slow, and during Cyber Security Awareness Month, we encourage businesses to review their cyber processes and ensure the necessary measures are in place to stay protected and equipped to respond to and recover from cyber threats.

Three ways businesses can protect themselves against cyber threats include:

Remain cyber vigilant: As your business grows and your risk posture changes, your security investment around people, process, and technology should scale accordingly. Ensure that with every business development, your cyber security posture and risk appetite [are] reviewed and updated.

Develop a cyber crisis management plan: In today’s technology landscape, a cyber attack or breach is not just a matter of “will it happen?”, but “when it will happen”. By having a cyber crisis management plan in place, businesses are poised to identify, respond, and, most importantly, recover from cyber security incidents more rapidly, preventing further incidents and restoring normal operations.

Empower your workforce: Develop the right security culture within the organisation, resulting in employees who are proactive when it comes to their organisation’s security. Provide regular training to recognise phishing attempts and cyber threats and how to report them so your employees can play an active role in protecting the business from ongoing threats.


Aaron Sharp
Security solutions consultant at Verizon Enterprise Solutions

As we enter Cyber Security Awareness Month, it’s crucial to reflect on Australia’s unique role in regional security and technology advancement. Our success, both regionally and globally, depends on protecting critical assets and ensuring digital resilience. With cyber threats becoming more frequent and sophisticated, we must go beyond system redundancy and focus on survivability – both for businesses and government agencies.

Australia’s reliance on distributed networks requires a shift in our cyber security approach. Businesses must move beyond lip service, re-evaluating their investments and partnering with top-tier, government-grade security providers. As the cyber and physical worlds merge, tackling invisible threats demands transparency, collaboration, and pragmatism.

The rising frequency of cyber attacks underscores the urgency. According to the Australian Signals Directorate, the cost of cyber crime reports has surged by 14 per cent, reflecting not just financial loss but significant reputational damage. Verizon’s 2024 Data Breach Investigations Report (DBIR), in tandem, shows [that] 68 per cent of breaches involve the human element, emphasising the need for education alongside technology.

The persistence of the human element in breaches shows that there is still plenty of room for improvement with regard to cyber security training, but the increase in self-reporting indicates a culture change that destigmatises human error and may serve to shine a light on the importance of cyber security awareness among the general workforce.


Mark Thomas
Director, security services, ANZ at Arctic Wolf

Over the past couple of years, not only has cyber security become more mainstream, it has become everyone’s responsibility. Due to the combination of awareness efforts from the industry and the consistent headlines from breaches and incidents that affect all sorts of businesses and individuals, awareness is at an all-time high.

That said, it’s important to remind ourselves that the true goal of this month is to encourage more people to understand and adopt behaviours that protect themselves. My hope is that we focus less on things like “punishment training” when small errors are made, which is the least impactful, and instead focus on things that the average person will benefit from.

At the end of the day, the business benefit must be the byproduct, not the entire goal.


Carol Chris
General manager, APAC, at GBG Plc

As we mark Cyber Security Awareness Month 2024, it’s clear that safeguarding the digital ecosystem requires a collective effort. Cyber security and fraud prevention are deeply interconnected, as identity is often the first line of defence against both cyber threats and fraudulent activities. At GBG, we believe [that] when we protect identities, we mitigate risks across both landscapes.

Australia’s cyber security ambition is bold – but to achieve it, public-private partnerships are critical. No single entity can tackle the complex and evolving nature of cyber threats alone. We have seen an increased interest in partnership from security providers, government bodies, and industry stakeholders to close gaps in identity fraud prevention and ensure the integrity of digital interactions. Yet, nearly a quarter of Australian businesses who responded to GBG’s recent Global Fraud survey feel that the government isn’t doing enough to help fight fraud, with 52 per cent seeking more government support in protecting against data breaches.

Strengthening cross-sector collaboration and intelligence enhances the security of the broader digital ecosystem, and 81 per cent of APAC businesses agree that it is key to beating fraudsters.

As we navigate the challenges posed by the digital landscape, this year’s theme, “Secure Our World,” serves as a reminder that cyber awareness and preparedness should be an ongoing priority, underscoring the role of identity verification in protecting sensitive data and securing digital assets.


Zak Menegazzi
Cyber security specialist, ANZ, at Armis

To achieve true resilience against ever-evolving cyber threats, a proactive approach is needed. This includes comprehensive identification and real-time monitoring of all connected devices, along with the ability to identify and swiftly mitigate vulnerabilities across the entire attack surface.

Just like you can’t fix a problem you don’t know exists, you can’t protect assets you can’t see. The first step is achieving complete attack surface visibility. This means identifying all connected devices, including known and unknown physical and virtual assets, that are connected to the network.

While eliminating all risks is impossible, prioritisation and continuous monitoring are crucial. By investing in real-time asset intelligence, vulnerability analysis, and AI-powered threat detection and remediation, organisations can proactively mitigate and manage their cyber risk exposure.

Furthermore, organisations must keep cyber exposure front of mind. This means using AI-powered platforms to help see, protect and manage all their assets in real time against potential threats. Doing so ensures they can proactively mitigate risks, remediate vulnerabilities, block threats and protect their entire attack surface.


Sumit Bansal
VP, Asia-Pacific and Japan, at BlueVoyant

The Australian Cyber Security Centre has announced the theme for this Cyber Security Awareness Month as ‘Cyber security is everyone’s business’. This October, they are encouraging all Australians to take action to protect their devices and stay safe online. They have outlined simple steps such as using MFA, using strong and unique passwords and greater awareness of phishing, all of which are great foundational, basic hygiene steps to improve your overall security against the most common threats.

Beyond the basics, it is critically important that companies understand their extended digital supply chain, or the suppliers, vendors, and other third parties that have direct or indirect access to their network. Organisations need to know who they are connected to and what access these third parties have. If a third party gets breached, this breach can then compromise the main organisation and result in data loss, ransomware, or business interruption. As organisations look to mature their supply chain risk defences in the next year and beyond, they need to actively work with their suppliers to mitigate risk, regularly monitor and measure their third-party cyber risk posture and ensure they educate top-down, from senior management to employees across all business units about the risks of inaction. Organisations should have documented and enforceable policies such as a written information security plan and incident response plan, which are socialised and tested throughout the company and accompanied by regular, all-hands security training. While we cannot expect the number of supply chain cyber attacks to decrease, we can hope that faster identification and remediation help to soften their impact.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
