Source: Prostock-studio via Alamy Stock Photo
COMMENTARY
Cybersecurity Awareness Month, an annual initiative since 2004, provides organizations each October with valuable opportunities to reinforce security best practices among employees. As we engage in these activities this month, it's also an opportunity to discover ways to build a culture of security where employees understand how their daily decisions and actions can affect an organization's overall security.
Employees remain every organization's best first line of defense. Making the most secure way of doing things the easiest way helps motivate employees to make security-first decisions. For example, getting employees to use multifactor authentication (MFA) — once again a top recommendation of the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NSA) — is one of the simplest and most effective ways to enhance security. Fifteen years ago, when AWS made MFA publicly available, we knew the criticality of using MFA would only increase as technology rapidly evolved and the cloud ushered in a new era of business transformation.
At AWS, Cybersecurity Awareness Month is also an opportunity to foster internal cross-team collaboration and learning among employees — whether "security" is officially in their title or not. During Amazon's annual Security Week in October, employees will learn online and physical security best practices, how to easily report a security matter, proper ID badge usage, device protection, and how to opt-in for emergency messaging.
We're also hosting our fourth annual One Amazon Security Conference, bringing our security teams from across the company together for two days in October to connect, collaborate, and amplify knowledge sharing and skill development. Through a variety of programming, including activities to enhance practical security skills, breakout sessions covering security innovations and best practices, and presentations from experts and Amazon security leaders, employees will learn about our efforts to improve security, both internally and for our customers.
Mark Hughes, Global Managing Partner Cybersecurity Services, IBM Consulting
At IBM, we're committed to educating and empowering our teams and clients with the knowledge and tools they need to stay secure. As innovative new solutions help advance today's businesses, we also understand the complexity of addressing new cybersecurity threats and advocate to our clients the importance of proactively embedding security into all aspects of their business.
Cybersecurity Awareness Month provides an opportunity for IBM to drive awareness, highlight our security expertise, and engage our global community around the important role of cybersecurity. We're kicking October off with our "Cloud Threat Landscape" report that will examine cloud threats and highlight how companies can assess and address their risks in areas such as identity access management and data security. Throughout the month, we'll showcase these findings, alongside key takeaways from our recent "Cost of a Data Breach" report, through a series of digital content, including expert-led discussions and security-themed insights, equipping our consultants with the strategies needed to help clients address emerging cloud threats and effectively adopt automation and generative AI (GenAI) to strengthen their security.
While IBM educates our employees year-round, Cybersecurity Awareness Month allows us to intensify our focus on security-based skills training for our consultants while empowering them to get security industry certifications to help provide guidance to our clients on architectures and technologies that can help them stay ahead of attacks.
By creating an organization with a security-first mindset, and leveraging the capabilities of the cloud, automation, and GenAI, IBM educates our employees, informs our clients, and inspires new approaches to cybersecurity — like quantum-safe standards — to reinforce our commitment to a secure digital future.
Atticus Tysen, Chief Information Security Officer, Intuit
This year, our theme for Cybersecurity Awareness Month is Cyber Wellness, focusing on the importance of maintaining digital health alongside physical well-being. We're using this theme to highlight that protecting our digital lives is an ongoing responsibility, like looking after our physical health. Through this theme, we aim to foster a culture of continuous cybersecurity awareness, encouraging employees to take proactive steps in safeguarding themselves and Intuit.
As part of our Cybersecurity Awareness Month program, our chief financial officer (CFO), Sandeep Aujla, and our general counsel, Kerry McLean, will join me in an opening keynote, sharing why cybersecurity is critical to our company's overall success. In addition to general sessions for all employees, we've crafted targeted sessions for groups identified as being more prone to social engineering, based on months of phishing simulation data. This focused approach allows us to directly address the needs of specific groups.
Josh Blackwelder, Deputy Chief Information Security Officer, SentinelOne
SentinelOne lives and breathes security, all day, every day. And while our mission — Secure Tomorrow — is most often focused on a promise and dedication to our customers, it extends far beyond the business goals of the company to securing our teammates, communities, and democracy, as whole. We see Cybersecurity Awareness Month as a way to bring our expertise into our communities — helping to create future generations of cyber-aware citizens while expanding the next generation of cyber defenders.
For Cybersecurity Awareness Month, SentinelOne focuses on its CyberSafe University program, an in-school program that targets kids in grades K-12 and is designed to introduce the concept of cybersecurity in age- and activity-appropriate ways.
The program provides a range of ways that kids can think about their online activities and privacy. For younger elementary students, we focus on essential skills for safeguarding personal data online. For middle schoolers, we focus on the best practices to retain cybersecurity safety, including the importance of multifactor authentication. For older students, we also include information on how to pursue a career in cybersecurity, what to major in, and leading university programs around the globe.
Over the past two years, this massive volunteer effort has delivered amazing results — over 100 Global SentinelOne Employee Ambassadors were able to reach more than 12,000 students, in over 40 schools, in eight countries.
Raul Sanchez, Director of Information Security, Gallo
Gallo recognizes Cyber Awareness Month with a series of engaging, educational initiatives aimed at enhancing the cyber resilience of its workforce. The highlight is the annual Cybersecurity Awareness Day event, held at corporate headquarters. This event features keynote speakers and representation from our security partners, offering insights into the latest cyber threats and best practices. Designed to be fun and educational, the event provides employees with hands-on experiences and practical knowledge to better protect the organization and its data. Adding a twist, the event also includes a 5 kilometer run/walk, allowing employees to earn points in the company's health and wellness program while promoting physical fitness alongside cyber fitness.
In addition to the awareness day event, Gallo hosts weekly cybersecurity webinars throughout October. These sessions cover a range of topics, from phishing prevention to secure password management, and are designed to educate employees on how to recognize and respond to potential threats. The webinars are well received, offering employees the flexibility to participate and learn at their own pace.
To keep cybersecurity top of mind, the information security department also publishes daily security tips for all Gallo employees. These tips provide practical advice and actionable steps employees can take to improve their personal and professional cybersecurity practices. By integrating these daily reminders into the workday, Gallo ensures that cybersecurity remains a priority throughout the month, leading to a more prepared and vigilant workforce.
About the Contributors
Mark Hughes is the global managing partner of IBM Consulting Cybersecurity Services and leads IBM's team of thousands of experts in helping organizations transform security into a business enabler and establish cyber resiliency. His role spans the sales and services delivery of threat detection and response, data security, cloud security, IAM, infrastructure, risk management and ecosystem partnerships. Mark's cybersecurity career spans across two decades, including recent roles as president of security at DXC Technology, a Fortune 500 global technology services provider, and chief executive at BT Security, a leading global telecommunications provider.
As senior vice president and chief information security officer (CISO) of Intuit, Atticus Tysen is responsible for information security, fraud prevention, and enterprise information technology. Before assuming this expanded role, Tysen served as chief information officer (CIO) for nearly 10 years. Prior to that, Tysen was vice president of product development for Intuit's Financial Management Solutions group, leading product development efforts for the company's Small Business division. Since joining Intuit in 2002, he has also served as director of new technology and led the company's patent program, building a process to protect the company's intellectual property. Tysen earned a bachelor's degree in computer science from Stanford University.
Josh Blackwelder has been at the forefront of enhancing security operations at SentinelOne since early 2022. His leadership extends across cloud security engineering, security operations, FedRAMP, security engineering, vendor risk, security architecture, and application security. Before joining SentinelOne, Josh held security leadership positions at Instructer (makers of the learning management software Canvas), as well as Adobe, RBS Markets & International Banking, and Verizon Business.
Raul Sanchez, director of information security of Gallo, is a seasoned security professional with extensive experience in all facets of IT compliance, privacy, vendor risk management, security design and architecture, regulatory audits, and managing the security of mergers and acquisitions. In recent years, he has focused on implementing modern cybersecurity initiatives and enhancing cyber resilience to better protect against evolving threats. His ability to establish meaningful relationships with business teams enables the effective execution of business initiatives while ensuring the security of customer and corporate data and maintaining the company's positive brand reputation.