chat
expand_more

Cybersecurity Awareness Month: How CISOs Can Engage, Educate, and Empower Year-Round

Happy Cybersecurity Awareness Month! Make sure your workforce is prepared to combat emerging threats all year with these 5 tips.
October 1, 2024

It’s October 1, and we all know what that means: it’s officially socially acceptable to hang up Halloween decorations!

More importantly, it’s the first day of Cybersecurity Awareness Month. For more than two decades, October has been a time for organizations to evaluate their cybersecurity practices and identify areas for improvement.

I’ve always felt that this is the perfect time of the year to focus on cybersecurity awareness. Spooky decorations with monsters and goblins are everywhere you go, acting as reminders of the sinister cyber threats lurking in your cloud environment.

While security education and training should, of course, be an ongoing initiative, Cybersecurity Awareness Month presents a unique opportunity for security leaders to emphasize the behaviors, tools, and resources that can help employees support the security of the organization year-round.

Celebrating Cybersecurity Awareness Month

Cybersecurity Awareness Month is the security leadership team’s chance to highlight the importance of every employee’s role in an organization’s security. It’s an ideal occasion to remind them that being security-savvy protects not only the organization but also its workforce.

I recognize that finding the right activities to share the message can be difficult—especially with remote teams. That’s why I recommend partnering with your marketing and corporate communications team and leveraging their creativity and expertise to get the message out to your audience.

Here are some ideas from my experience as CISO, and some of my plans for promoting cybersecurity awareness here at Abnormal.

1. Underscore the Personal Value

Would-be scammers target people and businesses, so any advice should encompass both the personal and the company context. An employee who becomes a victim of identity theft or extortion is a distracted employee and, ultimately, a potential risk to the organization.

Teaching employees how to keep their kids safe online or fine-tune their social media accounts to protect their privacy can also be beneficial. In my experience, employees are appreciative that we care about their safety. Plus, cybercriminals look at personal accounts to access professional ones, often hoping that people will use the same password across websites.

Prioritize the personal impact, and they’re more likely to participate.

2. Make It Memorable

The consequences of cybercrime can be sobering, but the best way to ensure employees retain information is to keep it concise and memorable—and include humor. We're all human, after all. The most impactful training materials are the ones that find the right balance between informative and engaging.

For example, our Cybersecurity Awareness Month Resources are centered around the Abnormal Anomalies—characters that represent eight of the most common attack types targeting today's enterprises. This approach injects a little personality into security awareness and education and makes it more enjoyable.

Another option is fun stickers that include slogans or reminders for employees to lock their screens or use complex passwords, which keep the concept front and center as a ready reminder. You can send these out in early October as a way to celebrate the month.

3. Keep It Fun

Gamification, competition, and giveaways are much more effective ways to encourage employee participation than making them watch boring role-training videos.

Using a game like BINGO or a scavenger hunt that requires employees to dig into the security documentation to find policies like the minimum password character requirement gets them beyond the quick skim. You can also use online phishing quizzes or remote games like Kahoot to encourage participation.

Our Cybersecurity Awareness Month Resources include six different games to help make improving detection skills more entertaining. We also have a Human or ChatGPT? Quiz that allows employees to test how well they can tell the difference between human-generated malicious emails and AI-generated.

Remember: Rewarding participants with prizes will continue to reinforce good habits long after the month is over.

4. Include Guest Speakers

Your employees may be tired of hearing the same information from members of your internal team or via the training videos in your learning management tools.

Creating a Lunch and Learn event and inviting a guest speaker is a fun way to engage your employees and provides a new opportunity to reinforce the message. In the past, I’ve had members of the FBI speak, and it’s always been a hit. Security vendors are also always willing to discuss security trends and how employees can protect themselves.

5. Start a Year-Long Program

Determine which activities inspire the most awareness and participation, and use that information to create a year-long training calendar. Continue to keep cybersecurity top of mind with new activities, which can be particularly helpful as new people join your team.

Create a Cybersecurity Happy Hour, ask security professionals to speak at a Lunch and Learn once a month, or ask employees to spend 30 minutes each month on a quick activity to keep the momentum.

This month is your chance to get people excited so they continue to think about cybersecurity throughout the rest of the year.

Responding to the Generative AI Threat

The influence of AI on cybercrime over the past two years has been undeniable.

A growing number of cybercriminals are weaponizing generative AI to craft unique and personalized messages that no longer include the telltale grammar and syntax mistakes of the past—making email attacks increasingly difficult to detect.

To combat the malicious applications of generative AI, it’s crucial for organizations to continually foster an environment of awareness and encourage employees to err on the side of “better safe than sorry.” Enterprises must also develop and implement robust defenses, enhance detection capabilities, and stay vigilant to emerging threats—before they become the next victim of an AI-generated attack.

Our white paper The Rise, Use, and Future of Malicious Al: A Hacker's Insight, authored by ethical hacker FreakyClown (FC), provides a firsthand look at the tactics used by threat actors leveraging AI. Additionally, our threat report AI Unleashed: 5 Real-World Email Attacks Likely Generated by AI in 2023 includes real-world examples of malicious emails that were likely generated by AI. We recommend sharing these with your employees to provide them with insights into how modern cybercriminals operate.

Committing to Cybersecurity Awareness All Year Long

As has been the case for most of this year, October will fly by quickly, and everyone will move on from Cybersecurity Awareness Month. If you are responsible for your company's cybersecurity program, make sure you take full advantage of the momentum that October can bring to keep your employees engaged and cyber-focused throughout the year.

Continue to look for unique ways to interact and try to find fun, bite-sized ways to keep attention on protecting employees and the company. After all, cybercriminals are hard at work the entire year—and you should be too.

Our Cybersecurity Awareness Month Resources make security education more engaging. Download the guide, games, and more to take your awareness training to the next level.

Be Aware. Be Prepared.
Cybersecurity Awareness Month: How CISOs Can Engage, Educate, and Empower Year-Round

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

Get AI Protection for Your Human Interactions

Protect your organization from socially-engineered email attacks that target human behavior.
Request a Demo
Request a Demo

Related Posts

B Manufacturing Industry Attack Trends Blog
New data shows a surge in advanced email attacks on manufacturing organizations. Explore our research on this alarming trend.
Read More
B Dropbox Open Enrollment Attack Blog
Discover how Dropbox was exploited in a sophisticated phishing attack that leveraged AiTM tactics to steal credentials during the open enrollment period.
Read More
B AISOC
Discover how AI is transforming security operation centers by reducing noise, enhancing clarity, and empowering analysts with enriched data for faster threat detection and response.
Read More
B Microsoft Blog
Explore the latest cybersecurity insights from Microsoft’s 2024 Digital Defense Report. Discover next-gen security strategies, AI-driven defenses, and critical approaches to counter evolving threats and safeguard your organization.
Read More
B Osterman Blog
Explore five key insights from Osterman Research on how AI-driven tools are revolutionizing defensive cybersecurity by enhancing threat detection, boosting security team efficiency, and countering sophisticated cyberattacks.
Read More
B AI Native Vendors
Explore how AI-native security like Abnormal fights back against AI-powered cyberattacks, protecting your organization from human-targeted threats.
Read More