The 20th Cybersecurity Awareness Month is upon us, and we’re taking the month to spotlight resources and The 21st Cybersecurity Awareness Month arrives at a critical juncture. With cybercrime damages projected to reach $10.5 trillion globally by 2025 and ransomware attacks occurring every 11 seconds, the stakes have never been higher.
This year’s theme continues to be “Secure Our World,” but equally important is how we recover when security fails—and it will. Pure Storage isn’t a security company, but we do protect what matters most: your data. Storage infrastructure can be the last line of defense, but it can also be the first thing to get you back in business.
Check back throughout the month for more insights and innovations to help you stay aware and resilient, and explore these resources we’ve published here on the Pure Storage Blog.
Cybersecurity Month’s Key Objectives in 2025
This year, Cybersecurity Awareness Month has identified some key behaviors to help individuals and organizations bolster resilience:
- Using strong passwords and a password manager. 81% of data breaches involve compromised credentials, and the average enterprise manages 87,000+ passwords across systems. This simple yet often overlooked aspect of identity management is everyone’s responsibility. Learn more in “Why Identity Is the New Network Perimeter.”
- Enabling multi-factor authentication (MFA). MFA can block 99.9% of automated attacks, yet only 28% of organizations have full MFA deployment. This and other security controls are aspects of zero trust architectures.
- Reporting phishing and known or suspected security incidents. AI-powered phishing attempts increased 1,265% in 2024, with deepfake voice scams targeting executives specifically. Knowing what and how to report suspicious emails or texts cannot be overemphasized—especially with unexpected new threats from AI-powered actors, scareware, and wiperware.
- Updating software regularly and installing the latest security patches on devices—collectively known as data hygiene.
These are all incredibly important foundations and behaviors to implement in any enterprise, but they’re also just the tip of the spear in defensive strategies. The backbone of cyber resilience comes from a foundation: a data-resilient security architecture deeply integrated with tech partners who can uphold the latest standards and frameworks.
Let’s dig in.
Resilience Starts at the Storage Level—Period
Recent attacks demonstrate that storage infrastructure remains a primary target. With 71% of ransomware attacks now targeting backup systems, traditional 3-2-1 backup strategies are no longer sufficient. But not all security architectures are created equal. If your security posture is like an onion, the more layers you have, the better. That means air gaps, security analytics and SIEM systems, data bunkers, and more. Check out these articles to learn more:
- Learn what a resilience architecture is and how you can build one
- Downtime Will Cost You: Why DRaaS Is No Longer Optional
- Better together: How Pure Storage’s security partners add to your arsenal
- The Overlooked Bottleneck in Data Visibility—And Its Impact on Cyber Resilience
Ransomware Resources
With security-related incidents such as ransomware becoming the top cause of data outages, security and IT operations professionals must work together to improve the resiliency of their IT environment. Stay ransomware-aware with:
- The Crucial Role of Data Forensics in Post-cyberattack Recovery—an often overlooked part of the recovery process that could render your storage arrays unusable during investigation.
- How to Set Up A Secure Isolated Recovery Environment
- Breakout Times Are Faster Than Ever. Are Your Security Logs Up to Task?
- How to create a cyber event response team—with insights from CISOs who have trained their own teams for the heat of battle
- What is Data Exfiltration?—a look at the risk of having sensitive data stolen and shared vs. deleted alone.
Data Compliance
With GDPR fines reaching €2.26 billion in 2024 and new state privacy laws taking effect quarterly, compliance isn’t optional. The EU’s DORA framework has been live since January, requiring financial services to prove operational resilience through testing—not just documentation.
While compliance standards can’t replace security best practices, they absolutely complement them and create a baseline for resilience and prevention. Brush up on the latest and how your data storage can play an active role:
- A look at the EU’s DORA framework and how it builds resilience
- Compliance vs. Security: Are They Mutually Exclusive?
- See how smarter storage can play a critical role in boosting compliance
- Some how-tos on data retention and deletion policies
CISO Insights and Expertise
CISOs report that 72% of board-level conversations now include cybersecurity discussions, up from 34% in 2022. With the average CISO tenure at around 18-26 months, proving ROI on security investments has become critical for careers. Here are some key resources to facilitate conversations between CISOs and IT:
- How Zombie Accounts and Non Human Identities Threaten Perimeters
- Too Many Alerts, Too Few Hands: Why SOCs Must Embrace AI
- A look at “internal” security gaps and cyber threats and how to head them off
- A CISO roundtable report packed with insights, hot takes, and predictions from leaders in the space
We don’t just prioritize security for one month a year, and we definitely don’t just help you store your data. Security is built into everything we do—and all of our products. Discover recently launched cyber resilience features from Pure Storage to give enterprise IT even more recovery and security capabilities, including:
- The Evergreen//One™ STaaS Cyber Recovery and Resilience SLA, the only SLA to ship clean arrays after an attack or event
- The new Pure1® Security Assessment
- Pure IAM 2.1
Check back as we feature more perspectives throughout the month.

The State of Cyber Resilience
Learn how 620 US-based IT security practitioners are approaching data storage security in the age of AI.
The State of Cyber Resilience
Learn the security strategies of 620 US-based IT security practitioners.




