Every October since 2004, the US Cybersecurity & Infrastructure Security Agency (CISA) promotes National Cybersecurity Awareness Month, a period of 31 days where the Agency does all it can to promote education, best practices, and helpful toolkits around cybersecurity and data protection, all while encouraging other responsible organizations and people to do the same.
The mantra this year is “See Yourself in Cyber”, but no – it’s not trying to evoke an image of Tron, Digimon, or any other transplanted world. CISA is promoting the simple yet sometimes overlooked truth: We are all already digital in at least some way and it is vital we act accordingly.
Yes, the focus is on the people. CISA, through its educational materials, wants to improve online safety in personal, educational, and professional settings. At PTC, we echo this message: It is important to know about the people in cyber, both its heroes and its villains, so that organizations may take appropriate measures to ensure their data and their reputations are protected going forward.
Cybercrime can be broken out by intention. While there are many nuances and minute variations, the motivations of cyber villains fall into four broad categories:
Four separate motivations, each with numerous tactics and commonly used cyberattacks. While some may speak of cybercrime as a lump collective, it is vital to understand these four motivations as not every criminal is countered in the exact same way. That said, there is a shared foundation of protection – and it may not necessarily be the department you immediately think of.
When talking about cybersecurity and data protection, most people likely think of IT. For much of the early internet, the IT department was looked at as the first and only line of defense needed against cybercrime. However, as more work shifted online, the idea of IT being the only line of defense became outdated, and not just that – but a dangerous assumption.
Think of the four groups listed above, some (especially the geopolitical) have enormous resources. Now picture the IT department of a small or even medium-sized business. It is perhaps a dozen employees, maybe up to 20. 20 people vs. a government agency – not a great contest. And it is vital to remember that these four distinct cyberthreats are always present. There is no taking turns. One organization can be hit with all four groups simultaneously if they are not careful, which brings us to the crucial meaning behind CISA’s “see yourself in cyber” messaging campaign.
The reality is that cybersecurity begins with each of us. If an employee goes online even once a day for their job then congratulations – they are part of the fight against cybercrime…or, with no training, they may find themselves an accidental antagonist. It’s not a simple one-and-done procedure either. Organizations owe it to their employees and themselves to hold regular trainings and updates regarding cybersecurity. Experts like Harvard Business Review have been sounding the alarm on inside threats since 2016, and the danger remains six years later.
To help individuals educate and prepare themselves for the changing realities of cybersecurity, CISA has provided a foundational toolkit for public use. This toolkit provides an overview of basic cyberattack threats, guiding principles to promote safety, and outlines on how to practice cybersecurity in the office and at home. There is no cybersecurity technology that can fully match the potential impact of an educated populace. Data encryption, multifactor authentication, firewalls, and zero trust principles are all important – but if an employee doesn’t know what any of those words mean – then their impact can be reduced or even fully negated.
Going forward, PTC urges everyone to think of cybersecurity as an ecosystem event. This means that it goes beyond an IT responsibility. It is bigger than any department, any supervisor, any executive. We live in a digital world increasingly like we live in the physical one, and much like you would never say “you only need a roof if you work in accounting,” you should not say “you only need to know about cybersecurity if you work in IT.” See yourself in cyber, and understand that we’re all right there with you.
PTC's hub for information on our compliance with all laws and regulations that apply to our business as well as a resource to learn more about how we protect data entrusted to us.