As Cybersecurity Awareness Month marks its 21st year, it’s clear that this year stands out. Phishing emails have become more convincing, and fraud has increased, making cyberattackers seem legitimate—as if they were Microsoft support or even the fraud detection services from your bank.1 And threat actors are taking advantage of the rise of AI, using it to enhance and fine-tune their strategies.
To add to the complexity, dedicated cybersecurity teams are currently resource constrained, especially compared to their cyberattackers. Globally, the cybersecurity workforce gap has widened this year, with four million roles left unfilled in 2023—a nearly 13% year-on-year increase.2
To help our global defenders, Microsoft has put together the Be Cybersmart Kit, designed to educate everyone on best practices for going passwordless, not falling for sophisticated phishing or fraud, device protection, AI safety, and more.
Help educate everyone in your organization with cybersecurity awareness resources and training curated by the security experts at Microsoft.
In partnership with the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) we have focused on four simple best practices:
“Cybersecurity is not a one-time thing, but that doesn’t mean it has to be a hassle. Small changes in our technology habits can be easy, like using multifactor authentication or keeping your devices and software up to date. All the bad news about the latest data breaches can leave us feeling powerless, but adopting simple, repeatable behaviors goes a long way to protecting our families and businesses. It’s important to stay safe online because your data is worth protecting.”
—Lisa Plaggemie, Executive Director, NCA
The Be Cybersmart Kit goes further, providing information and infographics that cover six of the most universally important elements of cybersecurity. These areas of focus are AI Safety, Cybersecurity 101, Devices, Fraud, Phishing, and Passwords. For example, the AI Safety infographic delivers new guidance that focuses on the safe use of AI tools within your organization, including making sure you haven’t become overconfident in AI-generated content and search results and that you’re using the AI tools provisioned by your IT organization.
The Be Cybersmart Kit is a great starting point, and it’s just one of the many resources Microsoft has put together on its Cybersecurity Awareness site. Those seeking more in-depth resources can access expert-level learning paths, certifications, and technical documentation to continue their cybersecurity education. And for students pursuing the field of cybersecurity, the Microsoft Cybersecurity Scholarship Program and many more educational opportunities are here to help. The goal of all these programs is to help foster a security-first culture and continuous learning for students and professionals alike.
“CISA is excited to lead the federal government’s efforts to reduce online risk during this 21st Cybersecurity Awareness month and every month. We work with government and industry to raise cybersecurity awareness and help everyone, from individuals to businesses to all levels of government, stay safe online in our ever-connected world. Protecting ourselves online is about taking a few simple, everyday steps to keep our digital lives safe.”
—Jen Easterly, Director, CISA
AI-enhanced phishing threats and social engineering are on the rise. These threats are often highly targeted and present fewer of the tell-tale signs of their traditionally generated counterparts. In the FBI’s 2023 Internet Crime Report, the agency states that its Internet Crime Complaint Center fielded more than 800,000 cyber incident complaints. The FBI estimates the total losses associated with these incidents to be greater than USD10 billion.2
To better understand phishing-related risk factors in the era of AI, Microsoft has collaborated with Fortra to put together the Phishing Benchmark Global Report. The report found that 10.4% of phishing simulation participants clicked the email phishing link they were sent—a 3.4% increase over the previous year.3 Even more worrying, 60% of users who clicked on the email link also ultimately submitted their password to the phishing website.3 These attacks target tens of millions of users annually, and with AI-enhanced features they are more and more likely to evade traditional security layers like firewalls and email security measures. AI can also aid cyberattackers in setting up their phishing sites in locations that internet browsers and security providers are less capable of detecting as high-risk.
In the era of AI, we are all cyberdefenders. Despite this, 52% of employees still say their job has nothing to do with cybersecurity.3 This couldn’t be further from the truth. Employees are the first and last line of defense—and Microsoft recognized the importance of this when we created the Secure Future Initiative. Our Chief Executive Officer Satya Nadella has led the charge himself as Microsoft puts “security above all else, before all other features and investments.” This is why educating everyone on staying cybersafe is so important right now. Whether you point your employees to some of the resources linked in this article, highlight your own in-house resources, or bring in outside experts, it’s time to act now.
We all have a role to play as cyberdefenders both at work and home. Identity and device protection can help protect individuals and their families from malicious cyberthreats—and Microsoft is making it easier than ever to stay safer on unsecure Wi-Fi with the expansion of privacy protection. Consumers can get the added protection of a VPN on their phones and computers when on-the-go in places like coffee shops or airports. And now, device notifications alert users to unsafe Wi-Fi connections guiding them to turn on VPN for a safer connection.
For informed individuals looking to further broaden their understanding of the landscape, Microsoft invites you to join the Build a Security-First Culture in the Era of AI webinar on October 30, 2024. Let’s all do our part to secure our world—together.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.
1Bold action against fraud: Disrupting Storm-1152, Microsoft. August 7, 2024.
2Cybersecurity Workforce Study, ISC2.
3Phishing Benchmark Global Report, Fortra.