Cybersecurity Awareness Month 2019

Offensive Security

October is National Cybersecurity Awareness Month. It’s an effort to raise awareness about cybersecurity among those who aren’t typically aware or concerned. For those of us in the infosec industry, it’s a good reminder that we’re in a position to mentor those around us in having safer online lives.

Community is one of our values here at OffSec. Cybersecurity Awareness Month provides an opportunity for all of us in information security to support our broader communities.

As penetration testing professionals, we can help both our organizations and those close to us better protect themselves – even if they’re not technically inclined. What seems obvious to an OSCP may be something our colleagues, friends, and family don’t know or think about.

How can we take the lead in changing that? Simple: by going back to basics. This post covers some information sources and tools that you can share.

Information

To start, arm people with information. Most people have heard of a major breach in the last few years, but they may not be aware of how big the problem is.

How better to show them than with this data visualization by Information is Beautiful? It covers 2009 to the present and is regularly updated. Many of the names included are recognizable…and have slipped under the radar in terms of media reporting.

Then there’s this visualization, showing the top 500 passwords. Passwords might be more or less useless against advanced attacks, but they’re the starting line of defense for most people and organizations.

Individuals and small businesses can benefit from the information presented in infographics provided by the Canadian Centre for Cyber Security.

Tools

When your friends and colleagues better understand the scope of the threat, show them how they can protect themselves. The US Department of Homeland Security provides a toolkit with resources covering this year’s three themes: Own it. Secure it. Protect it. 

The toolkit also includes a trivia game and an option to request a speaker for your organization.

Some people write their passwords down, maybe in one of those notebooks you can find that say “My Passwords” across the front cover. All it takes is having that notebook fall out of a pocket or purse for them to be exposed. Encourage them to use password saving tools like LastPass or 1Password, which also offer more secure sharing options for shared accounts. 

Check if your friends and family have antivirus or antimalware software installed. Malwarebytes detects threats that many antivirus products don’t, including ransomware.

What if it’s too late? You can help others find out if they’ve been a victim of a hack with Have I Been Pwned. If they have, the breached organization may already offer free credit monitoring. Alternatively, services like Credit Karma also offer identity monitoring.

Training

Even if it’s unlikely for your dad or cousin to become a penetration tester, there may be greater scope for cybersecurity training at your organization. Too often, this training is limited to the IT or infosec department (or person – we know the staffing struggle is real). 

For example, could your company’s web app developers benefit from security training? Our Advanced Web Attacks and Exploitation course teaches web application security. Developers with knowledge of Python, familiarity with Linux, and previous experience with web proxies and web app attack vectors can improve their knowledge of how to defend their code.

Network admins could benefit from WiFu and even experienced OSCPs can take their skills to the next level in Cracking the Perimeter.

Spread the word

What will you do to help your friends, family, and colleagues lead more secure lives? What are some tools or information sources that you like to share? Let us know on Twitter, LinkedIn, or Facebook.

Editor’s note: Offensive Security is not affiliated with any of the third parties mentioned in this article and is not receiving any compensation for mentioning them.
