5 Ways National Cybersecurity Month Is Like Halloween

Mike Ogden

October is best known for Halloween, but October also happens to be National Cybersecurity Awareness Month. It’s a time to focus on how cybersecurity is a shared responsibility, and we all must work together to protect and improve our nation’s cybersecurity.

What does cybersecurity have in common with Halloween? Plenty. Here are 5 ways that cybersecurity and Halloween are alike.

Both can be scary and downright frightful

Halloween is scary, like watching Halloween 1-11 or other horror films. Tales of murderous creatures, catastrophic plagues and lethal encounters abound. Cyberattacks can be just as frightening, and real-world calamities can also have an impact on cybersecurity. A perfect example of this is Ransomware, which locks your computer and demands a payment to unlock it and give access to your data. It’s similar to the movie, IT, where Pennywise the Dancing Clown uses a balloon to lure kids and take them hostage. The best defense against ransomware is to keep your operating system current. If you’re a victim of ransomware, having a backup of all your data is akin to dodging the bullet. Pay the ransom? That may work – but no guarantees.

It’s trick or treat time

Trick-or-treating is one of America’s favorite pastimes. Kids dressed in costumes visit houses and ask “trick or treat” to receive candy. Interestingly, few opt for trick. For hackers, it’s all about tricking you, and it’s a treat to them when they succeed. Phishing uses email trickery to fool you into clicking a link or downloading an attachment. It’s a cybersecurity concern for both consumers and businesses. Whaling, a form of phishing, targets specific, high-ranking company officials. Prevention? Train your employees on how to detect and prevent cyber threats. Study phishing examples and be quick to question and confirm legitimacy by another means like Google searching.

Sometimes, the threat to watch isn't the danger outside – it's the friend who unwittingly lets the killer in. Vigilant businesses should practice good third-party cybersecurity to keep the creepers at bay.  

It’s a masquerade ball

Around Halloween, groups hold masquerade parties where guests dress up, and it’s anybody’s guess who is in the costume or behind the mask. Imagine a masquerade where everyone dressed in costume is a hacker except you – who’s not wearing a costume. Hackers thrive on remaining anonymous. For months, we didn’t know who was behind the WannaCry ransomware attack that held thousands of computers hostage worldwide in 2017. Now we learn that a programmer based in North Korea was behind it. Hackers mask their identity or assume the appearance of something one is not, the very definition of masquerade. 

Whose house gets egged and TP’d?

Vandalism happens on Halloween night. Sometimes, certain neighborhoods are targeted – the homes with the best treats locked inside. Often, it’s that one house on the street without any outside lights on or purposely doesn’t give out any candy that gets egged and TP’d. The correlation here is one house on the street that looks deserted is more vulnerable to vandalism than the other well-lit houses with security signs. It’s the same with hackers. They probe network defenses looking for the one network easiest to pilfer and launch DNS or DDoS attacks. Lesson: don’t be the business with the most vulnerable network on the block. Go above and beyond basic regulatory minimums, especially if you operate in a targeted industry like healthcare. Take this advice from DARKReading: “Businesses need to maintain constant vigilance on the techniques used to target them and continually evolve their defenses to industry best practices.”

Black cats vs. black hats

People associate Halloween with black cats. It has something to do with being a favored pet of witches and involved with dark magic. In cybersecurity, the evil entity is black hats. As this Wired article noted, black hats are criminals who break into machines and steal data, such as passwords, email, intellectual property, credit card numbers or bank account credentials. To battle the black hats, your business can retain white hats—the good guys in computing, who use their hacking talents to inform you of network vulnerabilities.

That’s 5 ways which cybersecurity and Halloween are alike, and it seems most fitting to share during National Cybersecurity Awareness Month. Cybersecurity is a personal and professional responsibility, by using different, strong passwords and two-factor authentication at home and work. Backup data hourly, daily or weekly, whatever makes sense for you or your organization. Count to 10, not to calm down but to think twice before clicking on a link or attachment.

Download the Cyber Security Awareness Kit Today


Chat with a solutions expert to learn how you can take your compliance program to the next level of maturity.



Bipartisan Legislation to Strengthen & Expand Whistleblower Protections

On September 23, 2019, a bipartisan group of senators introduced the Whistleblower Programs Improvement Act (WPIA). The WPIA expands the definition of a whistleblower and modifies the timeline for processing applications for whistleblower awards at the Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC). Learn more.

Previous/Next Article Chevron Icon of a previous/next arrow. Previous Post

Hotlines & Headlines: How Your Whistleblower Hotline Usage Correlates with Media Exposure

Research from George Washington University and University of Utah found a clear association between strong internal hotline reporting systems and improved business performance. Now, new findings by the same researchers show that companies with higher report volume also are the victims of less negative news coverage.

Next Post Previous/Next Article Chevron Icon of a previous/next arrow.