October is Cybersecurity Awareness Month in the United States, as announced by the US federal Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA).
Homeland Security Secretary Kristi Noem described cyber as ‘a critical theatre’. She said: “Every day, bad actors are trying to steal information, sabotage critical infrastructure, and use cyberspace to exploit American citizens. Taking down these threats requires a strong private-public partnership, and the reforms we’ve implemented at CISA have empowered them to work with all of our partners to take down these threats and make America cyber secure again. This Cybersecurity Awareness Month is the time for us to continue our efforts to build a cyber strong America.”
Best practices
Among the best practices recommended by the DHS and CISA were:
– recognise and report phishing: Stop scams before they spread.
– strong passwords: Long, random, unique passwords.
– turn on multi-factor authentication (MFA): Add a layer of defence.
– update software: Patch known vulnerabilities before attackers exploit them.
Comments
Awareness is no longer the problem, says Edwin Weijdema, Field CTO EMEA, Strategy and Cybersecurity Lead at Veeam. He said: “While it’s an admirable initiative, the regular big-name cyber attacks that have become a mainstay in global news have done the job for it, keeping cybersecurity front-of-mind for businesses across the world. Instead of awareness, we need to turn to preparedness.
“Organisations might have implemented cybersecurity measures after seeing headlines or simply to stay in line with regulation, but too many incident response plans still remain built on hope rather than substance. Think of it like a fire drill, you might have got the visible elements such as the extinguishers and alarms in place, but in practice, do they actually work?
“Awareness might have pushed organisations to get the right tools, but now it’s time to ensure security teams know how to use these tools during a cyberattack. Testing those tools within incident response plans is essential. For some, such tests could expose hidden blind spots, and for others, they could simply boost organisational confidence in data resilience. Different organisations will be at different stages along the data resilience maturity journey, but what matters is that they are all moving in the right direction: from being aware of cyber threats, towards being genuinely prepared.”
And Danny Allan, Chief Technology Officer at Snyk, said that as AI embeds deeper into software, it introduces a new class of cybersecurity risks. He said: “Models can generate code with hidden vulnerabilities, while AI-native applications create opaque dependencies and blurred trust boundaries. Without rigorous governance, review, and validation, organisations adopting AI expand their attack surface, weaken access control, and heighten the risk of breaches. This isn’t hyperbole, it’s fact.
“This Cybersecurity Month, we should be thinking beyond protecting systems in the traditional cybersecurity sense, to securing the entire AI development lifecycle from the initial training data used to runtime behaviour. That means shifting security left as a baseline, applying rigorous testing to AI-generated code, and adopting tools that are explainable, transparent, and aligned with privacy regulations. Where GenAI itself is used in the development processes, it must be paired with guardrails of AI-powered AppSec tools like symbolic AI to keep GenAI under governed control.
“Cybersecurity is no longer about risk mitigation. It must underpin earned confidence in innovation. Unguided GenAI is pretty much a guarantee of future problems. It’s time for developers to trust the delivery of AI that’s fit for purpose and tame the GenAI hydra many rushed to incorporate in their workflows. Ultimately, that’s how everyone stays safe as developers in business or consumers online.”
Retail view
Shopify’s Managing Director, EMEA, Deann Evans said that in retail, targeted threat detection has never been more important. “Retail consistently ranks among the top six industries most vulnerable to cyberattacks, facing threats like credential phishing, supply chain compromises, and increasingly sophisticated session hijacking. Retailers must adopt a proactive, layered security approach to mitigate these evolving risks.
“One strategy is simplifying the technology stack. Reducing complexity helps minimise the attack surface, and makes it easier to monitor for anomalies. For example, using consolidated device types can enhance visibility, tighten access control, and improve response times. Retailers should also look to integrate AI-powered threat detection and response systems into their security operations. These tools are especially effective in targeting advanced attacks, such as session theft, that traditional tools may miss. AI tools can augment human capabilities, allowing teams to respond faster, and more precisely.
“Ultimately, cybersecurity is a shared responsibility. Building a security-first culture is just as important as the tools in place. Investing in awareness and embedding security into daily operations enables each individual in a business to play a role in protecting the business and its customers.”