October is National Cybersecurity Awareness Month. Throughout the month, awareness of cyber issues is promoted to educate individuals and organizations about the importance of cybersecurity.
This year has seen notable cyber threats, making cyber awareness and preparedness essential. Here, cyber leaders share their thoughts on cybersecurity and the threat landscape.
National Cybersecurity Awareness Month: Security leaders discuss
Karl Holmqvist, Founder and CEO at Lastwall:
“We stand at a pivotal moment in cybersecurity, where we must confront a pressing question: “Are we genuinely doing enough to secure our world?” As the digital landscape evolves with unprecedented speed, companies are uniquely positioned to lead by crafting and deploying robust, accessible solutions. It is time to move beyond the minimum thresholds of compliance and push for fortified defenses that truly make a difference. By embracing innovative pricing models, the industry can democratize access to high-quality protective measures, ensuring that organizations of all sizes can step up their security game. The priority must be to safeguard our society.
“With the advent of post-quantum computing on the horizon, the stakes have never been higher. The protection of sensitive information and critical infrastructure demands a renewed and unwavering commitment. To build a safer future, the cybersecurity community must unite, fostering collaboration and a proactive stance against emerging threats. When we view cybersecurity as a shared duty — to protect society — we lay the foundation for real, meaningful progress. This collective resolve will be our strongest defense in navigating the challenges ahead.”
Bruno Kurtic, Co-Founder, President, & CEO at Bedrock Security:
“The 21st Cybersecurity Awareness Month’s theme “Secure Our World” is a stark reminder of our shared responsibility in securing the digital landscape. Data breaches continue to escalate, with the average data breach costing $4.88 million — the highest cost ever recorded — and the number of data compromises rising to 1,571 in the first half of 2024, up 14% from 2023.
“The scale and speed of these breaches underscore a critical truth: each organization must take full accountability for the sensitive data they handle. A key first step is ensuring full visibility into where critical information resides and who has access to it. Without this, gaps and vulnerabilities, and thus breaches, multiply.
“And adapting to new challenges from modern use cases such as GenAI is essential. To prevent sensitive data leaks in GenAI LLM models, it’s crucial to understand the data, the business context, and control what data is used before it is used for GenAI training. Strong data governance and access controls enable the speed required for innovation without compromising security.
“Modern enterprises understand that cybersecurity is not just the responsibility of IT teams — it's a shared duty across the entire organization. By embracing this mindset, we can collectively secure our world.”
Scott Kannry, Co-Founder and CEO at Axio:
“As we observe the 21st Cybersecurity Awareness Month, it’s essential to focus not only on raising awareness but also on taking concrete actions to reduce cyber risks. While increased engagement from the C-suite and boards is a positive step, many organizations still face challenges in turning this awareness into coordinated and effective action.
“To truly “Secure Our World,” organizations must move beyond just identifying cyber risks and concentrate on actionable strategies to mitigate them. This means fostering better communication among stakeholders, aligning on priorities that matter most to the business, and making decisions that focus on minimizing the potential impact of cyber incidents. As recent events like CrowdStrike have shown, even well-defended companies can be significantly affected, sometimes due to accidents. Thus, it is imperative to understand the ramifications of a successful attack (or accidental event) to effectively minimize business impact. Cyber Risk Quantification (CRQ) can be a powerful tool in this effort, but only when it is used to drive business decisions rather than just measure risk. Aligning stakeholders on CRQ can help bridge the communication gap and create a unified approach to cybersecurity.
“As cybersecurity threats evolve, so must our approach. Organizations that involve a broad range of voices and focus on practical outcomes will build more resilience and secure environments for everyone. This month serves as a reminder that securing our world is an ongoing effort that requires collaboration, clear strategies and a commitment to continuous improvement.”
Shawn Waldman, CEO and Founder at Secure Cyber:
“Cybersecurity Awareness Month is ineffective. I know I might be in the minority, but as a nation, sometimes we do the same things over and over again without achieving different results — or sometimes, any result at all. I like the idea of Cybersecurity Awareness Month from an awareness perspective, but we need to do more.
“Cybersecurity is national security — let’s start there. Cybersecurity Awareness Month is focused on four things: recognizing and reporting phishing, using strong passwords, turning on MFA, and updating software. These are all high-level and essential tasks for basic security. However, what’s missing are step-by-step videos and documentation that guide the average citizen through these processes for some of the most critical apps in use today. A prime example (pun intended) is Amazon! It is likely one of the most widely used applications in most countries, possibly worldwide. Why not use this campaign to walk people through how to secure their accounts?
“Lastly, we must educate the public on how fragile our critical infrastructure is and how they can protect themselves. This isn’t fear-mongering; it’s about simple awareness and utilizing sites like ready.gov to learn how to begin the preparation process.”
Irfan Shakeel, VP Training & Certification Services at OPSWAT:
“To “Secure Our World,” protecting critical infrastructure must be a top priority, requiring proactive strategies to safeguard our society’s critical systems and sensitive data. This effort must go beyond raising awareness and demand targeted cybersecurity measures vital for national security. In sectors we all rely on, such as energy, transportation, and healthcare, organizations should focus on real-world attack vectors, like SCADA system manipulation, to better understand the risks we face and enhance preparedness.
“Regular tabletop exercises simulating OT/IT breaches, strict enforcement of multi-factor authentication (MFA) and network segmentation, and active leadership in fostering a security-first culture are essential steps for readiness and resilience. These foundational measures must be continuously reinforced to maintain vigilance across the organization.
“Cybersecurity should also be embedded throughout the product development lifecycle, starting with secure coding practices and early threat modeling. Regular security reviews, vulnerability assessments and the use of static and dynamic analysis tools ensure security is integrated from the start, reducing post-deployment risks. By embedding cybersecurity into each phase, organizations minimize vulnerabilities and strengthen overall security postures.”
Travis Howerton, CEO and Co-Founder at RegScale:
“In today’s landscape of growing regulatory demands and cybersecurity threats, organizations must adopt effective strategies to manage risk and ensure compliance. During Cybersecurity Awareness Month, it is crucial to focus on best practices for automating risk and compliance to enhance your organization’s cybersecurity framework:
- Implement continuous monitoring: Automation remains the key to continuously monitor systems for vulnerabilities, misconfigurations and compliance gaps. By proactively identifying risks before they escalate, organizations can maintain real-time security and minimize potential threats.
- Automate security audits and reports: Automating routine security checks and the generation of audit reports is critical for streamlining compliance. Regular automated assessments help organizations stay aligned with industry standards and regulatory requirements, reducing the need for costly manual efforts.
- Integrate risk management into DevOps: Embedding security and compliance checks within the DevOps pipeline ensures that vulnerabilities are identified and addressed early, reducing risks and preventing non-compliant code from reaching production.
“By adopting these practices, organizations can reduce human error, improve operational efficiency, and maintain ongoing compliance with industry regulations while safeguarding their digital assets. Embracing automation in risk and compliance management is essential to “Secure Our World” and stay ahead of evolving cyber threats.”
Dale Hoak, Director of Information Security at RegScale:
“As we observe Cybersecurity Awareness Month, it’s essential to rethink how organizations approach compliance to enhance digital security. To truly “Secure Our World,” organizations must adopt a dynamic approach to Governance, Risk, and Compliance (GRC) that evolves with the changing landscape of security threats and regulatory demands. Traditional GRC methods often struggle to keep up with today’s fast-paced threat environment. The future of GRC lies in Dynamic Operational Control Management, which integrates Continuous Control Monitoring (CCM) with automation, AI, and real-time analytics to ensure robust security.
“Compliance should be an outcome of effective security practices, not a mere checkbox exercise. By leveraging existing tools to continuously monitor and automatically collect both technical and non-technical evidence, organizations can create a real-time, unified view of their cybersecurity posture. This proactive approach aligns compliance with strong security practices, reducing the need for separate, burdensome compliance efforts.
“As cyber threats grow more complex, optimizing workflows and automating incident response is crucial. Automated systems can deploy patches or alert teams for manual intervention when a vulnerability is detected, followed by validation and resolution. This not only strengthens security management but also streamlines audits and compliance reviews, making it easier for organizations to meet regulatory requirements.”
Lynn Dohm, Executive Director at Women in Cybersecurity (WiCyS):
“During Cybersecurity Awareness Month, messaging to already-cyber-conscious audiences is often redundant. It’s time to take a different approach — one that focuses on students and builds real connections. To cut through the clutter, we need to simplify the message and empower the next generation to see themselves in cybersecurity. This month isn’t just about raising awareness; it’s about shaping the future leaders of this field.
“Teenagers are much more likely to listen to someone closer to their age who they can relate to. They’re not going to engage with adults lecturing them about cybersecurity. To shake things up, this Cybersecurity Awareness Month, we’re showing young women that they belong in this field by mobilizing our student chapters to reach high school students directly. We’re showing them that cybersecurity is already a part of their lives and doesn’t have to be intimidating.
“We’ve developed a Cybersecurity Awareness Month toolkit, backed by our top-tier partners, that these student leaders will take into high schools, breaking down cybersecurity into simple, everyday language. Many students don’t realize they’re already practicing cybersecurity when they use things like two-factor authentication. By having peers — people who were recently in their shoes — share this message, we’re making cybersecurity feel relevant and accessible. It’s not a big, scary concept; it’s something they’re already part of.”