Everyone is talking about it, and nearly everyone has been affected by it in some way or another. Cybersecurity, whether people know its proper name or not, affects all of us as we become an increasingly connected world. Cybersecurity breaches are being disclosed by companies every day. People are getting attacked by ransomware more and more. The problem seems to be growing exponentially, and those of us in the cybersecurity profession can't seem to keep up.
I would suggest, though, that while the number of attacks is astronomical and steadily increasing, it's not because we aren't doing anything about it. It's because the people using computers don't know how to deal with it. People tend to think of cybersecurity as someone else's problem. They believe myths like, "My anti-virus takes care of everything" or "I'm not a target so I won't get hacked." Thoughts like these are what allow attacks to come through, and they are why cybersecurity is everyone's problem.
The Cold, Hard Facts
Proofpoint, a cybersecurity company that focuses on the human element, states in their "Human Factor 2019 Report" that 99% of cyber attacks require a human to do something to make them successful. That's an astonishing number. To put it into perspective, of the 765 million cyber attacks that happened in April, May, and June of 2018 [1], nearly 757 million could have been prevented if the user had received training on how to mitigate attacks.
Technology controls still have definite room for improvement as well. The remaining 1% of those attacks still amounts to 7.6 million attacks in 3 months, a massive number that cybersecurity vendors and professionals need to mitigate. As attackers get smarter, the white hats have to as well. We have to be agile and ready to respond to these threats as soon as we see them.
Awareness is Key
Organizations and individuals usually think that cybersecurity products will protect them. Home users believe that having an anti-virus on their system will protect them just like corporations assume that their endpoint protection and firewalls are the be-all for protecting themselves against malicious actors.
However, user awareness is one of the biggest things you can do for yourself and your organization. Ensuring that your users have the proper training on the basics of cyber hygiene can go a long way when it comes to preventing attacks.
Obtaining training for your users doesn’t mean you need to send your users to a boot camp and spend millions of dollars doing so. There are simple things that you can do to make your users and yourself aware of things not to do. Will this help you ultimately mitigate these attacks? Probably not. However, it’s a great place to be in, and as we saw above, it will reduce your chance of attack significantly.
The Basics of An Attack
I’m going to tell you a super-secret hacker tip. We have to be able to get in to damage you.
That's right – if we can't get access to your computer some way, there's not much we can do. Sure, we might be able to knock you off the internet or make your day a little less pleasant, but unless we can get access to your computer, there's not much we can do.
Let me set up a successful attack for you. It’s an attack called phishing. Yes, it’s a weird name, but what it means is sending an email that isn’t legitimate to make you do something that you wouldn’t have otherwise done. Phishing attacks go something like this:
A hacker will either find something that is of interest to you or a project you are working on and send you something related to it. They may send you an infected Excel file that contains “sales figures” or something along those lines. They may send you an infected Word or PDF with a project outline or something you need for that new project you are working on. Or they might send you a link that they ask you to click on for one reason or another.
Contrary to popular opinion, you are not "hacked" at this point. If you delete the email, nothing happens (in most cases – there are some exceptions). Remember, we said the hacker needs access to your computer to damage you. Right now, he/she has nothing but an email that evaded the spam filters and landed in your inbox.
The problem comes in when you click on that email’s link or file. What generally happens next is something executes on your computer (a script or a program), and it “infects” your computer. Now that hacker has access to your computer. Now the problems start.
How to Stop The Attack
So how do you stop an attack like this? It starts at the very beginning of what is called the "attack chain." It begins before you even know it has begun.
- Don’t Overshare. Yes, I’m talking about you, Facebook-holics. While it may seem cute that you are posting where you’re at and what you’re working on, it also tells hackers those details. They now know what they can email you about to get you to click on their link. If you have to share, make sure you set your privacy settings correctly so that only the people you want to see it do see it.
- Use a Strong Password. Just because you use a number, letter, symbol, upper case, lower case, and a drop of blood doesn't mean your password is secure. Remember, this_is_my_new_unhackable_password is much stronger than p@$$WorD1. Need a way to remember your passwords? 1Password is a great program to help remember your passwords.
- Use Multi-Factor Authentication. Sometimes multi-factor (or MFA) is a hard thing to understand. You have your password, and you also have some other way to prove it’s you that’s logging in. Companies like Yubico and Authy can help you with this. I use them both.
- Always Use a VPN on Public Networks. If you're not at home, there are more people than your family on that Wi-Fi network. How many of them can now see your Facebook password depends on how well secured your computer is. Use a VPN like Private Internet Access or ProtonVPN when you're on a network that isn't your home network.
- Don't Click on Email Links or Files. If you don't know what a link is or don't know that it's coming from a reputable source, don't click on it. Worried that a file might not be from whom you think it is? Call them up to verify. Always, always, always make sure that a weird email or chat from your "friend" really is from them.
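The two phishing tells the post describes, a link whose visible text points somewhere other than its real destination and an attachment of the kind an attacker would seed with a payload, are the sort of thing a user can check by hand and a mail gateway can check automatically. The script below is an added example, not code from the post or from Craig Cybersecurity; the email body, attachment names and trusted-domain list are constructed for the demonstration, and the extension list is illustrative rather than a complete policy.

```python
"""Triage an email for the two phishing tells described in the post:
(1) a link whose visible text names one site while the href goes to another,
(2) an attachment type commonly used to carry a payload.
Added example; the sample message, attachments and trusted domains are constructed."""
import os
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attachment types the post mentions (Excel, Word, PDF) plus common
# script/executable/container types.  Assumption: illustrative, not exhaustive.
RISKY_EXTENSIONS = {".xls", ".xlsx", ".xlsm", ".doc", ".docx", ".docm", ".pdf",
                    ".exe", ".js", ".vbs", ".scr", ".zip", ".iso", ".lnk"}


class _LinkCollector(HTMLParser):
    """Collect (visible_text, href) pairs from <a> tags in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:          # only text inside an open <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def extract_links(html):
    parser = _LinkCollector()
    parser.feed(html)
    return parser.links


def registered_domain(host):
    """Crude 'example.com' from 'mail.example.com' (assumes two-label domains)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def shown_host(text):
    """Hostname the link *text* appears to name, or None if the text is not URL-like."""
    if not text or any(ch.isspace() for ch in text) or "." not in text:
        return None
    return urlparse(text if "://" in text else "http://" + text).hostname


def link_findings(html, trusted_domains):
    """Return human-readable findings for every suspicious link in the body."""
    findings = []
    for text, href in extract_links(html):
        dest_host = urlparse(href).hostname or ""
        dest_dom = registered_domain(dest_host)
        displayed = shown_host(text)
        if displayed and registered_domain(displayed) != dest_dom:
            # Tell 1: the text says one site, the href goes to another.
            findings.append(f"link text shows {displayed} but goes to {dest_host}")
        elif dest_dom not in trusted_domains:
            # Tell 2: destination is not a site you actually do business with.
            findings.append(f"link to untrusted domain {dest_host}: {text!r}")
    return findings


def attachment_findings(filenames):
    """Flag attachments whose final extension is on the risky list."""
    out = []
    for name in filenames:
        ext = os.path.splitext(name.lower())[1]
        if ext in RISKY_EXTENSIONS:
            out.append(f"attachment {name} is a {ext} file; verify with the sender out of band")
    return out


# Constructed sample: a "sales figures" lure with a look-alike login link.
SAMPLE_HTML = """<p>Hi, the Q2 <b>sales figures</b> you asked for are attached.</p>
<p>Please confirm your account at
<a href="http://login.example-verify.net/acct">https://www.examplebank.com/login</a>
and review the <a href="https://intranet.examplecorp.com/projects/42">project outline</a>.</p>"""
SAMPLE_ATTACHMENTS = ["sales_figures.xlsm", "agenda.txt"]
TRUSTED = {"examplecorp.com", "examplebank.com"}   # constructed for the example


def triage(html=SAMPLE_HTML, attachments=SAMPLE_ATTACHMENTS, trusted=TRUSTED):
    return link_findings(html, trusted) + attachment_findings(attachments)


if __name__ == "__main__":
    for finding in triage():
        print("SUSPICIOUS:", finding)
```

Run as a script it prints one finding for the bank link (text names examplebank.com, href goes to example-verify.net) and one for the macro-enabled spreadsheet; the intranet link passes because its domain is on the trusted list. The same two checks are what the post's advice amounts to when done by hand: hover to see where a link really goes, and treat an unexpected Office or PDF attachment as something to verify by phone before opening.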
Use a Cybersecurity Firm
If you’re not sure if you’re secure, you can always call up a cybersecurity firm to help you get to where you need to be. Companies like Craig Cybersecurity, LLC have experts on staff that are trained to help you be secure. You can learn more about how we can help here.
And, in the worst-case scenario, if you do get hacked, they can help you possibly restore your operations to where they should be. Stay safe out there.
References
- Snider, M. (2019, January 1). Your data was probably stolen in a cyberattack in 2018 – and you should care. Retrieved November 1, 2019, from https://www.usatoday.com/story/money/2018/12/28/data-breaches-2018-billions-hit-growing-number-cyberattacks/2413411002/.