Spotlight Podcast: At 15 Cybersecurity Awareness Month Grows with Cyber Risk

In this Spotlight Podcast, sponsored by RSA: October is Cybersecurity Awareness Month. But what does that mean in an era when concerns about cybersecurity permeate every facet of our personal and professional lives? Russ Schrader of the National Cybersecurity Alliance (NCSA) and Angel Grant of RSA*  join us to discuss the history of Cybersecurity Awareness Month and how the event is changing to meet growing demand. 

October is Cybersecurity Awareness Month. And this year is a special occasion: a Quinceañera of sorts recognizing 15 years since the first Cybersecurity Awareness Month in 2004. As my guests this week note: the goals of Cyber Security focus and importance of cyber security awareness month has changed a lot since the early 2000s. Back then, the biggest threats were from nuisance attacks like NIMDA and SoBig. Cyber crime was more theory than reality/ Today, destructive wiper attacks like NotPetya can cause billions of dollars in damages in a matter of minutes and cyber crime is a multi-billion dollar global industry.

Angel Grant RSA
Angel Grant is the Director, RSA Identity and RSA Fraud & Risk Intelligence)

How have those changes affected the mission and purpose of NCSAM? And what does Cyber Security Awareness Month mean in 2018 as opposed to 2003?  To answer those questions we invited two experts into The Security Ledger studio to talk about the evolution of the event and of the cyber security industry itself: Russ Schrader is the Executive director of the National Cybersecurity Alliance (NCSA) and  Angel Grant is the Director, RSA Identity and RSA Fraud & Risk Intelligence.

[See also: DHS announces New Cybersecurity Strategy]

The Computers in our Pockets

Russ noted that one of the biggest changes in the last 15 years was the arrival of powerful smart phones like the iPhone and Android, which consolidated a range of functions on a single, portable device: web, video, email and so on.

“In 2002 I had a phone, but I had a separate piece of plastic and metal that was a camera and another piece of plastic and metal that had my music on it.”

Russ Schrader NCSA
Russ Schrader is the Executive director of the National Cybersecurity Alliance (NCSA)

Compared with today, those were sleepy times – when you might update your desktop antivirus weekly or even monthly -like changing the batteries in your TV remote, but not be overly concerned about debilitating cyber attacks or scams, Schrader noted. “People weren’t aware of the threat,” nor were the threats as closely interwoven with individuals lives as they are today, he said.

Problems like cyber crime were predictable outgrowths of growing connectivity and convenience – from electronic banking to online retail, Angel Grant of RSA told me.

[You might also be interested in: Podcast Episode 111: Click Here to Kill Everybody and CyberSN on Why Security Talent Walks]

Progress…at a price

“In the past there was a…lack of focus and awareness of the consequences of (going online) and the vulnerabilities that opened up with technology changes,” Grant told me. “We have now come to the realization with what that means with all crime we’re seeing over last 15 years,” she said.

These days, cyber security is personal, Grant said: from corporate losses and fines to personal identity theft. Its harder to believe “it won’t happen to me,” Grant argues.

Also: corporate executives have had their consciousness raised – if for no other reason than that they’ve been witness to so much carnage. “The c-suite and board have opened up to the reality that (cyber) security is a business problem,” she said. “There are grave consequences for org that don’t take this seriously.”