The Thorn in My Website: Cybersecurity Awareness Month

How savvy are you when it comes to Cybersecurity?
October is a month devoted to Cybersecurity Awareness. In Europe, EU Member States, public and private organizations, and ENISA together with the European Commission support the European Cybersecurity Month (ECSM). ECSM aims to empower citizens and organizations by promoting a better understanding of cybersecurity, raising awareness and sharing best practices for digital safety.
In celebration of Cybersecurity Awareness Month, we created some short quizzes on LinkedIn to sharpen your cybersecurity instinct and highlight the “thorns in your website”, as ENISA put it. Let’s review your answers and explore deeper.
#1 Thorn: Phishing (AI-Enhanced)
How are attackers using AI today? Most of you voted that attackers use AI to write better phishing emails (54%), and you’re absolutely right. According to ENISA, large language models (LLMs) are being used to create more convincing phishing emails. By early 2025, AI-supported phishing attempts reportedly represented more than 80 percent of observed social engineering activity worldwide.
However, the truth goes even deeper. AI is now a “force multiplier” for cybercriminals, helping them:
- Craft more convincing phishing and social engineering attacks.
- Automate reconnaissance and vulnerability scanning.
- Evade detection through smarter malware.
- Scale operations faster than ever before.
More specifically, according to ENISA, phishing can take many forms, such as fake CAPTCHA prompts deployed on compromised or fraudulent websites, which trick users into executing commands under the pretext of human verification. Furthermore, Phishing-as-a-Service platforms, which are designed to automate the generation of branded phishing kits by cloning login pages and distributing links, have enabled cybercriminals and other cyber threat actors to imitate trusted brands and trick users.
This October, European Cybersecurity Awareness Month is devoted to phishing, as it remains the most common way attackers gain access, accounting for around 60% of initial intrusions according to the ENISA Threat Landscape 2025. Watch out for different types of phishing and scams, including:
- Quishing: QR code phishing
- Spearphishing: targeted phishing
- Smishing: SMS text phishing
- Vishing: voice-based phishing
- Whaling: top leadership phishing
- BEC: business email compromise scams
- Deepfakes: AI-based scams
Pro tip: AI isn’t replacing human hackers. It enables them to be faster, stealthier and more efficient. As defenses evolve, so do the attacks. That’s why the future of cybersecurity isn’t AI vs AI. It’s “humans and AI” working together to detect, defend and adapt.
#2 Thorn: Shadow IT
When an employee uses a cloud tool without IT approval, even with good intentions, it opens the door to security and compliance risks, from data leaks to lack of visibility and control. 91% of you recognized this issue as “Shadow IT”. “Free” tools may boost productivity (as noted by 4% of your votes) and may seem harmless, especially with no credit card required. However, they can expose sensitive company data stored in unmonitored environments, even when in the cloud (as mentioned by another 4% of you).
The solution?
- Educate teams on secure tool usage.
- Implement clear cloud governance.
- Adopt solutions that balance employee flexibility and security.
Pro tip: In cybersecurity, what you don’t know can hurt you.
#3 Thorn: Unawareness
When employees lack cybersecurity awareness, they can unintentionally become enablers of cyber incidents. Unawareness increases vulnerability to phishing and social engineering, leads to unsafe digital habits and delays threat reporting. It can also expose organizations to compliance risks.
Are you aware of the anatomy of a data-oriented cyberattack?
- Reconnaissance: Hackers scout for vulnerabilities.
- Infiltration: Phishing or malware opens the door.
- Lateral Movement: Attackers spread inside the system.
- Data Exfiltration: Sensitive data is stolen or encrypted.
- Business Disruption: Financial loss, downtime, reputational damage.
When users understand how a cyberattack unfolds — from the initial lure to data exfiltration — they become active defenders rather than passive targets. Awareness turns into a powerful layer of defense, enabling employees to spot red flags, act faster and break the attack chain before it spreads. In this way, user education directly strengthens an organization’s overall cyber resilience.
Pro tip: Building awareness through continuous training transforms employees from potential weak points into proactive defenders, strengthening the organization’s overall cyber resilience. Moreover, a strong incident response plan can detect and contain attacks before damage is done.
Don’t forget to celebrate Cybersecurity Awareness Day!
Do you want more info about Neurosoft’s Security Awareness Training services?







