That’s a Wrap: Key Takeaways from Cybersecurity Awareness

As we reach the end of October and the close of Cybersecurity Awareness Month, it’s a great time for all organizations to audit their cybersecurity practices and all employees to evaluate their cyber habits. This year’s theme from the National Cybersecurity Alliance and CISA focuses on staying safe online, ultimately Building a Cyber Strong America – and that’s a theme we need to carry all year long.  

This month we have explored how organizations can build a culture of cyber awareness and leverage the latest tools and best practices the market has to offer to sustain a secure future.  

Cybersecurity Awareness Month at a Glance 

To keep cyber practices top of mind for the months to come, we’ve created an infographic summarizing the key takeaways every organization should consider as they chart the best path forward in cybersecurity. Here’s a look back at the key topics:

1. What’s the common link in most data breaches? The human element. Passphrases can help.  

Credential abuse and social actions—like phishing—were major factors in cyber breaches. Analysis of infostealer credential logs found that 30% of compromised systems were enterprise-licensed devices.  

Applying NIST best practices to your passwords is an ideal first step to strong cyber hygiene. These practices for passwords suggest that the length of the password is the strongest indicator of safety. According to NIST, every additional character dramatically increases the number of guesses an attacker would need to try. NIST guidance recommends that a password should be at least 15 characters long. At 100 billion guesses per second, it would take a computer more than five hundred years to guess all the possible combinations of 15 lowercase letters. Think passphrases not passwords.  

2. Mitigating Cyber Threats with Zero Trust & Privileged Access Management 

The Zero Trust model is built on identity and access management at its core by continuously authenticating user and device identities, enforcing the principle of least privilege, and granting access only when necessary.  At Red River, we have a Zero Trust multi-vendor demo environment based on the CISA models where we can showcase different solutions working together to enhance security. 

Watch our video from the demo lab to explore a real world example that allows an organization to move past traditional credentials and manage access to critical infrastructure.  

3. The Benefit of a Zero Trust Workshop 

Organizations that engage in a Zero Trust workshop find a concrete process for organizing the complex and sometimes chaotic host of variables at play in managing security. Red River offers a step-by-step guide to defining a Zero Trust roadmap. The Workshop addresses: 

• Which existing vendors map to the Zero Trust framework 

• Any current gaps in technology 

• How to optimize existing or identify new vendors needed to address Zero Trust controls 

• The order of priority for addressing each control 

• When controls need to be in place and what level of maturity is required to meet federal mandates (for federal agencies and Department of Defense)  

 4. Preparing for Post-Quantum Cryptography Policies  

Federal migration to Post-Quantum Cryptography (PQC) is now a policy-driven priority. Although today’s quantum computers aren’t breaking mainstream encryption yet, the “harvest-now, decrypt-later” threat elevates risk to long-lived sensitive data. NIST has issued core PQC standards (FIPS 203–205), and federal direction from NSM-10, OMB M-23-02, the Quantum Computing Cybersecurity Preparedness Act, CISA’s ACDI Strategy, and EO 14144 (amended by EO 14306) defines the path forward.  

Federal Agencies must comply with multiple sets of guidance in preparation to combat the associated PQC challenges, and emerging tools can transition this from
a laborious manual process to an automated solution- driven approach.  

Get the full story of all our cybersecurity awareness month topics at-a-glance in our infographic and contact us for more guidance customized to your organization.