Adrian Johnson
The grim reality is that cybercrime is getting worse. According to the Veeam Data Protection Trends Report 2023, 85 percent of organizations suffered at least one cyber-attack in the preceding twelve months, an increase from 76 percent experienced in the prior year. So, in many ways, our current approaches are failing.
One of the main criticisms of Cyber Awareness Month — or any awareness day/month, for that matter – is that it should be a priority year-round. This is true to an extent. Cyber awareness (and preparedness) must always be on the agenda. But that doesn’t mean we don’t also need an awareness month.
Here, Cyber Awareness Month could bring about a positive change. We should use CAM to implore organizations to commit to something small to improve their security situation today. For instance, to patch one thing every day of October, or to test their recovery process. After all, actions speak louder than words, and a journey of a thousand miles begins with a single step.
Amidst the multitude of messages and opinions coming out of Cyber Awareness Month, it is imperative to note that we still see businesses dropping the ball time and time again. As we enter 2024, businesses must be prepared for a cyberattack and ready to respond to, and recover, from an incident.
Being prepared for a cyber incident means having secure backups that can’t be targeted by malware like ransomware. Knowing exactly how you’d respond and recover from an incident is just as important. Too few businesses test and prepare for the worst-case scenario, not considering recovery environments or backup cleaning until it’s go-time.
The middle of an active cyber incident is not the time to learn such lessons. Security is still important, of course, but the last line of defense, backup and disaster recovery, has become just as important as the first. It’s another area for Cyber Awareness Month to evolve in the coming year – to come full circle and cover the full spectrum of cyber resilience.
