What a good month: pumpkin spice everything, morning runs that finally let you breathe without 98% humidity, and, of course, Cybersecurity Awareness Month!
Every October, for the past 20 years, the Cybersecurity and Infrastructure Security Agency (CISA) has spotlighted simple ways people can protect themselves online. The goal is to show how small, everyday actions reduce risks when we’re online or using connected devices.
This year, CISA’s campaign highlights the role of government entities and small to medium businesses in protecting the systems and services that sustain us daily. Much of the nation’s critical infrastructure is owned and operated not just by federal agencies, but by state, local, tribal, and territorial governments, along with private companies.
As a state university, UMD fits right into this picture. And so does every one of us who is part of it. Over the last few months, we’ve talked about small steps that make a big difference. They're summed up into a Core 4, four easy actions that anyone can take to boost online safety:
- Use strong passwords and a password manager
- Turn on multi-factor authentication
- Recognize and report scams
- Keep your software updated
But to make this week’s article a bit more interesting, let’s also look at what’s been happening over the past 9 months of 2025, and why cybersecurity awareness matters now more than ever.
- Cybersecurity budgets are tightening. Despite the increasing number of attacks, industry analysts report that budgets for cybersecurity are stalling. Growth has slowed from 17% in 2022 to just 4% in 2025, far out of step with the threat landscape. To make matters harder, there’s a global shortage of cybersecurity talent, making it both difficult and expensive to hire experts. The result? Many organizations are leaning more heavily on AI to bolster their defenses.
- AI is raising the stakes. Generative AI helps defenders, but it’s also being used by attackers for advanced phishing, identity theft, and exploiting new security flaws. Stolen credentials remain the easiest way in, making people the weakest link.
- Impersonation attacks are on the rise. Groups like Scattered Spider have targeted major companies by pretending to be employees or contractors, tricking their way into IT systems.
- Deepfakes are now mainstream. As we discussed back in May, AI-generated videos and voices are giving social engineering scams a new level of believability.
- Ransomware is costly and disruptive. Just ask UK retailer M&S, whose systems were down for 15 weeks after an April attack, costing an estimated $300 million in annual profits. For a university like ours, that kind of disruption could derail teaching, research, and campus services.
- Global impact is real. In September, cyberincidents caused travel chaos across European airports, a reminder that no sector, and no person, is fully insulated.
The takeaway? Cyberthreats don’t take time off.
As the federal lead for Cybersecurity Awareness Month, CISA is urging everyone to take one action today to improve their cybersecurity. At UMD, that means each of us, students, faculty, and staff, can help protect the university’s mission of learning, discovery, and service.
Over the next few weeks of October, we’ll continue breaking down cybersecurity into small, easy-to-digest bites. In the meantime, enjoy your PSL…securely.