Bites
For the busy executive that doesn’t have time to read lengthy articles but wants to stay on top of Cybersecurity strategies and thought leadership, Family-Driven Awareness Inc. proudly introduces our easily digestible bites of Cybersecurity knowledge. If you like what you see, please keep checking for new updates.
Playing on our emotions
I find that hackers love to play on our emotions, in particular. They love to get us really scared, happy, sad or angry so that we are not thinking straight. If you come across someone asking you for your sensitive information, and they invoke a strong emotion out of you, stop for a second, take a breath and ask yourself, “Was I expecting this? Does this make any sense at all?” If it doesn’t make sense, do not give away your sensitive information, even if it seems like you know the person asking for it.
One Weak Password Is All It Takes
Personal information of thousands of FedEx customers worldwide was exposed on the web due to an Amazon Web Services (AWS) cloud storage server which was carelessly NOT secured with a password. Many data breaches don’t involve sophisticated hackers – just a question of someone being careless. Despite all of the stories of breaches in the news, millions of people simply cannot resist the temptation of using “1234567” as their passwords or deny themselves the joy of clicking on those fun phishing emails. (MORE than 55,000 Snapchat users recently had their login details exposed online thanks to a clever phishing scam.) When it comes to Cybersecurity, we can’t afford to be careless. Cybersecurity is everything! Cybersecurity touches virtually every aspect of our network based activity, because in the digital economy, virtually everything is connected. That means that everything is at risk for a cyberattack.
Technology is not enough
If a hacker reaches out to us pretending to be someone we know or disguises a fake website to look like a legitimate one, and we willfully give them our information, passwords, gift cards, money and so on, our technology will have a hard time protecting us. Regardless of the technology you have, the only true defence for these threats, and the absolute best protection out there, is good cybersecurity awareness.
What do the bad guys want?
All cybercrime begins and ends with what the cybercriminal is targeting: your sensitive information. One of the best tips for cybersecurity awareness is to make sure you are aware of what information of yours is sensitive and remain especially careful with where you put it and who you allow to access it.
They Keep Winning Because We Think Nobody Falls For It
I just got an email from a very sincere sounding gentleman that wants to actually give me $5 million USD. He took the time to give me quite a bit of detail in his intro, let me share: “Hello Dear Friend, I am Col. Hussein Harmush, An Army officer from Syria but now living with the United Nations on asylum in Canberra city of Australia. I got your contact from Syrian-American Army officer who was injured in the ongoing Syrian war but died last week while receiving medical treatment…” I remember seeing these types of scams back in 2001 and unfortunately the truth of the matter is, these scams still exist today because they work. Even after all of the media attention on cyber scams, people still fall for these sorts of tricks. Here are a few simple rules to live by.
- If it’s too good to be true, it’s probably not.
- No one you don’t know will give you 5 million dollars (and in all likelihood, no one you do know will give you 5 million dollars either – and if they do, I want an intro!)
- Don’t assume that this is too basic to bother going over with your loved ones. People fall for these scams everyday and a simple conversation about this could prevent a lot of heartache.
It Keeps Happening
In the last week alone there have been at least seven reported data breaches. These breaches are happening at companies like Delta, Best Buy, Panera, and many others. Between January 2005 and March 2018, there have been over 8,800 breaches, according to the Identity Theft Resource Center. Combined those breaches exposed the information of more than one billion people. Many folks might think of cybersecurity as a specialized, niche career—not a skill that the average person should learn about. But that’s not the case. In an age where we manage more and more of our lives digitally, it means that anyone—in any career—should know simple things about keeping security up to par. At work, this will help companies maintain robust protocols. At home, it will help you protect your own information. Have you thought about security awareness training for your team?
Stats and Questions to ask Yourself
Interesting stat number 1: A study by Ponemon in February of 2018 found that 80 percent of cybersecurity and IT experts anticipate a catastrophic data breach at their companies by 2021.
Interesting stat number 2: According to the Ponemon Institute, the average time for breach detection is 191 days, i.e. more than six months.
Interesting stat number 3: According to the Global Cyber Risk Perception Study by Marsh and Microsoft from February 2018, only 30 percent of businesses have a cyber defence plan.
Interesting question: If 80% of us know a breach is coming, and know it will be catastrophic, how come 70% Don’t have a plan to react to it?
Interesting questions to ask yourself:
- If my organization is currently being breached, would I even know?
- Could I detect it sooner than 6 months, if at all?
- Do I know who at my organization has access to what data?
- Do I have a plan to react to a breach?
- Who could I contact regarding Legal services?
- Who could I contact regarding PR services?
- Who could I contact regarding Forensics?
- Who could perform an incident Response?
- Do I have cyber insurance?
- If so, what does it cover?
- Have I thought of any of these questions or others like them?
I’ve got a firewall I think I’m protected
Imagine if you lived in the most secure house in the world, with an impenetrable door and an impenetrable lock on that door. Your incredibly impenetrable house will do you little good if the criminal on the other end of that door tricks you into willfully opening the door every time they are there to rob you. And that is exactly what’s happening with the threats brought on by the digital age — meaning that it doesn’t matter if the technology you have is impenetrable to a hacker (which it’s not) because hackers are not hacking tech anymore. They are hacking people.
The Most Important Laws of Cybersecurity
Here is a quick lesson on how to run your organizations cybersecurity starting with the two most important laws of cybersecurity.
Law No. 1: If There Is a Vulnerability, It Will Be Exploited
Law No. 2: Everything Is Vulnerable in Some Way No matter what the concerns or problems are regarding cybersecurity, they all stem from a vulnerability of some kind, whether it be human, process, technical or other.
We need to understand our vulnerabilities and we need to understand what risks those vulnerabilities expose. Once we understand those risks, we need to determine whether we can accept, remediate or transfer that risk (via cyber Insurance) and most importantly we need to understand this in economic terms, so we can prioritize our remediation activities based on financial impact.
Medical information on the dark web
Medical information can be worth ten times more than credit card numbers on the dark web. Cyber criminals can use this data to create fake IDs to buy medical equipment or drugs or combine a patient number with a false provider number and file fictional claims with insurers.
Consumers often discover their credentials have been stolen a long time after cyber criminals have used their personal medical ID to impersonate them and obtain health services.
Credit card data theft, on the other hand, can be quickly reported to banks, which can act immediately.