Most people claim to know how important IT security is. The reality is somewhat different. Demands on employees' time are high, there are millions of distractions and somehow the backup at the end of the day is forgotten. A reminder of the many threats facing professional and personal data (and bank accounts) can come in useful. The European Cyber Security Month (ECSM) is an entire month dedicated to promoting cyber security and will take place throughout Europe in October. The goal of the ECSM is to raise awareness of cyber security among citizens, companies and organizations through various events. The campaign is organized by the European IT security agency ENISA (European Union Agency for Network and Information Security), and many European countries will be participating and contributing to the broad scope of the program. The key message behind this year’s program is to promote cyber security as a shared task between manufacturers and regulatory organizations, as well as consumers and business users.
Since the ECSM was piloted in 2012, the activities and participants have grown in number and diversity: ECSM 2015 held 242 activities in 32 countries. The Federal Office for Information Security (BSI) in Germany has worked with ENISA to promote the activities of various partners and achieve a wider public impact. The BSI acts as a coordinating body for German partners in the program. European Cyber Security Month offers participants the perfect setting to draw attention to their organizations and cyber security projects. The project website for 2016 lists 371 events and activities including webinars, bar camps, talks and competitions, some of which are running for the whole year. Germany is the most active participating country with around 200 events.
The BSI will be focusing on a specific topic each week during the ECSM:
- October 1–8 2016: Secure payment online
- October 9–15 2016: Recognizing cyber threats
- October 16–22 2016: Fit in IT security
- October 23–31 2016: Securing mobile devices
The BSI lists 72 events, which are categorized by the needs of users, businesses, government and scientists. This list is an easy-to-use resource for IT departments. Since almost all the events offered are online and free, it makes sense to send employees links and invitations to appropriate events, or to draw inspiration for your own events. Not every employee has the time to take 30 minutes to attend a security webinar during the working day, but anyone can be expected to read a two-line reminder from IT management about the importance of cyber security and the potential consequences of security lapses. For companies that lack the time and budget for a full-fledged awareness campaign, sometimes even small efforts are enough to boost security. The ECSM is definitely a worthwhile opportunity for increasing security awareness.