Cybersecurity Awareness Month 2025
Establish best practices you can sustain all year
For more than 20 years, the Cybersecurity Awareness Month campaign — led by the US Cybersecurity Infrastructure and Security Agency (CISA) and the non-profit National Cybersecurity Alliance — has encouraged organizations to deepen their commitment to cybersecurity education, training, collaboration, and planning. Whether your organization conducts employee training programs each October or sets aside time to run strategic security workshops, a few key initiatives can go a long way toward strengthening your defenses against the latest threats.
This year, fast-moving technology advancements are making it more important than ever to boost awareness and update your security strategy. Many of the predictions that technology leaders made at the end of last year are coming true: AI adoption has continued to accelerate, driving the need to augment security and privacy. Meanwhile, organizations are facing more AI-powered threats — from convincing phishing emails to large-scale distributed denial-of-service (DDoS) attacks. We’ve also seen recent attacks on supply chain vulnerabilities that have had widespread effects.
As a result, it is a critical moment to re-engage with your employees, vendors, partners, and customers on cybersecurity practices — and to re-evaluate your strategic planning. This Cybersecurity Awareness Month — and beyond — you can strengthen your security posture and prepare for immediate and long-term threats by following four best practices.
Engage and educate your organization
Even with all the advanced security tools available today, cybersecurity continues to rely deeply on people and culture. Use this time to emphasize the vital importance of cybersecurity and the responsibility every individual has in safeguarding your organization. Your employees should have both the skills to combat specific threats and the mindset for incorporating security into everything they do.
Make phishing education a top priority. As long as phishing and other social engineering tactics continue to be leading vectors for large-scale attacks, employees will remain a critical first line of defense. And with today’s AI-generated phishing emails, texts, and deepfake videos, employees need even more guidance on how to spot and stop these attempts at deception.
Another crucial aspect of employee awareness and education involves the secure and responsible use of AI tools and AI agents internally. Make sure employees understand which AI tools and use cases are authorized — and how to avoid exposing sensitive data to AI models.
At Cloudflare, we’re fortunate that cybersecurity is a core element of our business, so it’s already top of mind for our employees. But we still run multiple programs designed to further enhance awareness, provide education, and increase engagement in the collective cybersecurity effort.
Training: We conduct our annual — mandatory — employee privacy and security awareness training every October. Each year we create a new course that combines short, informational videos with interactive exercises and quizzes. We also incorporate recent real-world examples — from screenshots of actual phishing attempts to discussions of large-scale attacks — demonstrating threats in a more concrete way.
Informal education: Through internal communications and presentations at company-wide meetings, we often highlight the latest team initiatives for enhancing security — including “customer zero” projects, where we test new capabilities internally before offering them to customers. We also host informal in-person and virtual discussions, such as “lunch and learn” sessions led by our threat intelligence team, exploring new threats and trends.
Tabletop exercises: Throughout the year, the Cloudflare security team engages in “tabletop” exercises, informed by threat intelligence. These simulations of attacks and other security events help ensure that we have the best strategies in place for maintaining resilience.
Through all of these activities, we draw from real-time threat intelligence gathered through our global network. We also incorporate input collected by our internal security incident response team about top incidents we’ve seen during the year. We then share new intelligence and insights — for free — with all organizations, whether or not they are Cloudflare customers.
Collaborate with customers and vendors
No organization stands alone in cybersecurity. Beyond training employees and strengthening your internal security culture, you need to continuously work with partners and vendors to ensure you’re capitalizing on the latest technologies and implementing best practices to deal with rapidly evolving threats. Cybersecurity Awareness Month can be a time to re-engage with that partner and vendor ecosystem.
Regardless of the industry you’re in, taking the time to meet with customers to address their security concerns can help you better protect their data and maintain trust. Consider reaching out to customers during Cybersecurity Awareness Month to solicit their input and discuss common trends you’re seeing in the threat landscape.
Community collaboration has always been at the heart of Cloudflare’s mission to help build a better Internet — and our collaborative efforts are not just limited to October. Cloudflare participates in a wide variety of industry consortiums and collaborative efforts to proactively identify and defeat new threats. As we spot troubling trends or experience new types of attacks, we publish information and issue briefs that can help protect all organizations. And of course, we also build new capabilities into our services to fill any gaps.
For example, the recent Salesloft breach — which affected Cloudflare as well as our customers — drove us to strengthen connections between SaaS applications. We’re now working to consolidate SaaS connections via a single proxy so organizations can better monitor connections, and detect and respond to attacks.
We also contribute to our community through initiatives such as Project Galileo (which helps protect public interest organizations) and Project Cybersafe Schools (which provides free tools to small K–12 school districts in the US). Through these and other Cloudflare Impact projects, we are continuously supporting organizations in fields that are typically unable to invest in the most advanced cybersecurity technologies.
Plan for the near term
Use Cybersecurity Awareness Month to revisit your near-term security planning. Make sure you are well prepared for new threats that could impact your organization this year and next.
Start by taking advantage of free tools that can help you pinpoint emerging patterns in the Internet landscape. For example, the rise of machine-driven traffic and autonomous bot activity means that larger-scale and more sophisticated threats — including large DDoS and multi-vector attacks — are on the horizon. Understanding how the malicious traffic is shifting will help you decide how to prioritize your cybersecurity efforts and spending.
Because Cloudflare has visibility into 20% of Internet traffic, we have a unique perspective on how the Internet is changing and what threats are emerging. We offer Cloudflare Radar as a free service that provides data and insights that can help you plan for the next wave of attacks. For example, the 358% year-over-year increase in DDoS attacks that Radar observed should drive organizations to bolster DDoS protection.
Meanwhile, we offer AI- and machine learning–driven security capabilities, including both DDoS and web application firewall (WAF) protection, to help reduce the burden on teams to keep up with these rapidly arising threats. For instance, we deploy emergency WAF rules that protect organizations against zero-day vulnerabilities, giving your team more time to patch environments and enabling team members to stay focused on other threats.
Think long term
While near-term threats should be immediate priorities, Cybersecurity Awareness Month is also an important time to evaluate longer-term plans. You could take this time to launch multi-year initiatives aimed at security adopting new technologies and safeguarding your organization against future threats.
For example, as your organization continues to build AI applications and AI agents, implementing the Model Context Protocol (MCP) can help you efficiently and securely connect with sources beyond large language models (LLMs). You might also start implementing more comprehensive security measures to protect AI apps and agents across their entire lifecycle.
It’s also not too soon to start implementing post-quantum cryptography (PQC). Though it might be several years before cybercriminals can use quantum computers to defeat current encryption standards, they are harvesting sensitive data now to decrypt it later. The earlier you begin a multi-year PQC project, the sooner you will be protected from pre- and post-quantum threats.
Cloudflare offers an array of services that can help you get started with those longer-term projects. For example, you can now easily build a remote MCP server on Cloudflare. In addition, the Cloudflare AI Security Suite provides a unified platform for safeguarding AI apps, agents, and MCP server deployments across the entire AI lifecycle. And Cloudflare can help you seamlessly transition to PQC.
Make awareness and education continuous
The annual Cybersecurity Awareness Month campaign only lasts until the end of October. But of course, cybersecurity awareness, training, collaboration, and planning activities can and should extend past the last day of the month.
Incorporate security training as a key part of new-hire onboarding. Share insights on emerging threats with all employees promptly. Likewise, foster ongoing discussions with customers about security concerns and consistently fine tune your security strategy. Establishing year-round, sustainable processes will strengthen your organization’s defenses going forward.
This article is part of a series on the latest trends and topics impacting today’s technology decision-makers.
Dive deeper into this topic.
Learn more about the latest threats and trends that require a shift in cybersecurity planning in the 2025 Cloudflare Signals Report: Resilience at Scale.
Authors
Rohit Chenna Reddy — @crohitreddy
Security Strategy & Chief of Staff to CSO
Jordan Lilly — @jlillss
Senior CSO Security Engagement
Key takeaways
After reading this article, you will be able to understand:
Why boosting cybersecurity awareness is critical in an AI-powered world
4 best practices for improving cybersecurity awareness, education, collaboration, and planning
How to extend programs beyond Cybersecurity Awareness Month