Don’t Get Haunted by Hackers: Cybersecurity Awareness Month Tricks & Treats

October is Cybersecurity Awareness Month, and while the ghosts and goblins may be imaginary, the threats lurking in your inbox and networks are very real. This year’s landscape is affected by AI-driven attacks, supply chain vulnerabilities, and a persistent skills gap. We’re back with a fresh batch of Tricks (scary stats) and Treats (proactive tips) to help you and your organization stay safe in a digital world that’s evolving faster than ever.

Trick: AI is a double-edged sword. 50% of executives believe GenAI is accelerating adversarial capabilities like phishing, deepfakes, and malware.

(SentinelOne)

  • Treat: While adversaries are leveraging GenAI to scale attacks, defenders can harness the same technology to stay ahead. AI-powered threat detection platforms can analyze vast volumes of telemetry data in real time, identifying subtle anomalies and automating containment actions. By integrating AI into your security operations center (SOC), you enhance visibility, accelerate decision-making, and reduce downtime.

Trick: The skills gap is widening. The global cybersecurity workforce gap stands at 4.8 million unfilled roles, with demand outpacing supply.

(ISC2)

  • Treat: Organizations should invest in professional development through leading certifications such as ISACA’s CISA, CISM, CRISC, or ISC2’s CISSP, all of which build both technical and governance expertise. Cross-training IT, audit, and risk teams in cybersecurity fundamentals fosters collaboration and strengthens enterprise-wide resilience.

Trick: Ransomware remains relentless. 78% of organizations experienced a ransomware attack attempt in the past year, with 83% of those who paid being attacked again, and 93% losing data anyway.

(CSO and CrowdStrike)

  • Treat: Ransomware recovery hinges on preparation, not payment. Organizations should maintain encrypted offline backups and routinely test restoration procedures to ensure data integrity and minimize downtime. Incorporating immutable storage and automated backup validation can further reduce the risk of corrupted or inaccessible recovery points.

Trick: Encrypted threats are harder to detect. 70% of malware is now delivered via encrypted channels, making traditional detection methods less effective.

(WatchGuard Threat Lab)

  • Treat: Inspect encrypted traffic. As attackers increasingly hide malicious payloads within encrypted traffic, organizations must evolve their detection strategies. Deploying SSL/TLS inspection alongside behavioral analytics allows security teams to uncover threats without compromising performance or privacy. These tools maintain visibility across encrypted channels while reducing false negatives and blind spots.

Trick: Supply chain attacks are escalating. 40% of breaches now originate from third-party vendors, with attackers exploiting interconnected systems.

(SecureWorld)

  • Treat: Vet and monitor vendors. Third-party relationships introduce significant risks, especially when vendors have access to sensitive systems or data. Organizations should conduct thorough cybersecurity assessments during onboarding, requiring contractual controls such as incident reporting, encryption standards, and access limitations. Ongoing monitoring and periodic audits help ensure vendors maintain compliance and adapt to evolving threats.

Trick: Cloud misconfigurations are costly. 23% of cloud breaches stem from misconfigurations, often due to human error or lack of visibility.

(Bluefire Redteam)

  • Treat: Manual cloud configurations are error-prone and difficult to scale. Cloud Security Posture Management (CSPM) tools continuously scan for misconfigurations, enforce policy compliance, and provide real-time remediation. Integrating these tools into DevOps workflows ensures security is embedded throughout the cloud lifecycle.

Trick: Many organizations lack formal incident response plans. Only 42.7% of organizations have a formalized response plan that they test each year, and nearly 20% of organizations do not have a plan at all.

(TransUnion)

  • Treat: An IRP should clearly define roles, escalation paths, and communication protocols. Regular tabletop exercises and post-incident reviews help ensure the plan evolves with your business and remains actionable under pressure.

Trick: Despite its effectiveness, 54% of small and medium-sized businesses (SMBs) still do not use multi-factor authentication (MFA), and only 28% of those with access to MFA require its use. Alarmingly, more than half of super admin accounts lack MFA protection.

(Cyber Readiness Institute)

  • Treat: MFA drastically mitigates the risk of unauthorized access via compromised user credentials. However, due to the increased sophistication of cybercriminals, organizations should now avoid using SMS (i.e., text messaging) as a one-time code authentication factor when utilizing MFA to access information systems. If MFA is currently not required to access your information systems, it is strongly recommended that it be implemented immediately.

Trick: 60% of SMBs will go under in 6 months after a cyber-attack.

(CrowdStrike)

  • Treat: Many SMBs have the mentality of “they won’t come after us; they want the big fish.” But cybercriminals are looking for the easiest targets. SMBs are less likely to dedicate adequate resources toward cybersecurity risk management, which makes them easy targets for attackers to wreak havoc.

Trick: 43% of CEOs don’t view cybersecurity as a strategic business matter.

(ConnectWise)

  • Treat: Failing to recognize cybersecurity as a strategic business matter may leave organizations vulnerable to significant risks, such as severe financial loss, reputational damage, and legal consequences. Integrating cybersecurity into the organization’s strategy helps ensure that the business has the appropriate safeguards in place to reach its goals, fostering resilience and long-term success.

How Centri Can Help

At Centri, our IT risk and cybersecurity advisory services are designed with your greatest assets in mind — your people. We’re here to offer you the support, resources, and expertise you need, exactly when you need it most. Our cybersecurity advisory experts collaborate with your senior management to:

  • Assess cybersecurity threats and vulnerabilities to your organization via a comprehensive risk-based approach.
  • Align your internal controls with recognized industry frameworks.
  • Provide valuable insight and actionable takeaways & implementation plans.
  • Serve as trusted risk advisors, including developing roadmaps to address the cybersecurity challenges that are unique to your organization.

You can’t predict what will happen, but you can protect your business. Contact us to learn how we can set your business up for success.

Rich Sowalsky

Managing Director | IT Risk & Cybersecurity Practice Leader | CISA

Rich is a Managing Director at Centri Business Consulting and the leader of the firm’s IT Risk & Cybersecurity Practice. He has more than 16 years of combined experience in internal control consulting, IT risk, cybersecurity advisory, and risk-based internal audits and accounting.

Karyn DiMassa

Managing Director | CPA, PMP, CISA, CFE

Karyn is a Managing Director in the IT Risk & Cybersecurity Practice at Centri Business Consulting. She has more than 15 years of combined experience in internal IT audit and external audit support (IT controls), third-party assurance (SOC 1 and SOC 2 reporting), internal controls consulting, project management, IT risk and cybersecurity, and system implementation support.

Ian O’Connor

Senior Manager | IT Risk & Cybersecurity | CRISC, CISA

Ian is a Senior Manager in the IT Risk & Cybersecurity practice at Centri Business Consulting. He has more than 8 years of combined experience in internal control consulting, IT risk, cybersecurity advisory, and risk-based internal audits and accounting.

About Centri Business Consulting, LLC

Centri Business Consulting provides the highest quality advisory consulting services to its clients by being reliable and responsive to their needs. Centri provides companies with the expertise they need to meet their reporting demands. Centri specializes in financial reporting, internal controls, technical accounting research, valuation, mergers & acquisitions, and tax, CFO and HR advisory services for companies of various sizes and industries. From complex technical accounting transactions to monthly financial reporting, our professionals can offer any organization the specialized expertise and multilayered skillsets to ensure the project is completed timely and accurately.
