Cyber Security: Keep It Simple, Security
I know, I know. You’re sick of hearing about cyber security risks. Is the sky falling? Is it just hype? Are all the Cyber Sirens running around screaming about the risks just paranoid, hyper-vigilant lunatics who get off reading threat briefs? Maybe.
As one of those Cyber Sirens, I’m concerned we’re causing more harm than good. According to a recent study from the National Institute of Standards and Technology(NIST) the general public is suffering from “security fatigue.” It makes sense.
People get weary from being bombarded by ‘watch out for this or watch out for that.’
I think it’s more than fatigue. It’s being overwhelmed not only with news of dangers but a whole new language. Few people know the difference between a “white hat hacker” and a “black hat hacker.” Much less the difference in ransomware versus malware. And what the heck is Crypto?
Keep It Simple, Security
So, let’s Keep It Simple, Security. Before freaking everyone out about the lurking dangers on the internet, let’s break down the need-to-know jargon.
- Malware is a general term used to describe a variety of malicious software. This could be anything from a virus to spyware. Chances are that you have contracted some form of malware during your user lifetime. Most are easily contained with up-to-date anti-virus software.
- Ransomware on the other hand is a form of malware that is more insidiously intentional. It is designed to hold your systems, data and/or applications hostage for a sum of money. According to an explanation from KnowBe4:
Since 1989, ransomware has become the number one security risk to businesses and users.
I Don’t Have Data Anyone Wants
Now, you’re probably thinking that your business isn’t even big enough to attract malicious hackers. I would beg to differ. Ransomware is increasingly targeted at small business providers. Why? Well, third party vendors are easier to infiltrate than the big businesses they serve. You probably have more data and/or sensitive information than you realize. This information may not mean much to you, but could be valuable on the black market. (Think old school insider trading)
- Phishing Odds are that you know what a “phishing attack” means. Phishing has now become a general term for any method of eliciting personal information or installing malware from an unsuspecting user, traditionally via email. But now there is Vishing (Voice Phishing), Smishing (Social Media Phishing) and I fully anticipate phishing though connected devices…Dishing? IoTishing?
The Biggest Threat…You
This brings me to the greatest risk any security system faces — people. Sure, we can all point to the user who uses an easily hacked password or leaves the door unlocked. But those are rare. We’ve all gotten much wiser these days. Password and 12345 are not good passwords.
- Social Engineering is still a foreign concept to most. Yes, it’s as old as the original Trojan Horse, but it’s application in modern life is often overlooked. According to WebRoot, Social Engineering in Cyber Crime is an attempt to,
[…] trick you into giving them [Criminals] your passwords or bank information, or access your computer to secretly install malicious software–that will give them access to your passwords and bank information as well as giving them control over your computer.
I think Social Engineers are more strategic than we give them credit. It’s unlikely that they would directly target the individual they want to harm. Instead, social engineers will go after those close to you, those who unwittingly slip information. The doorman who mentions that you leave your door unlocked when you take out the trash. The co-worker who gossips that you leave work early on Fridays. The friend who knows 2 out of 3 answers to your secret questions used for password recovery. I’m not saying we should all be paranoid, hyper-vigilant lunatics, but a healthy dose of caution could be the difference between sleeping soundly and becoming an example like one of these 7 Best Social Engineering Attacks Ever.
Hopefully, I haven’t overloaded you to the point of fatigue. Take this IT Security Quiz to answer “How secure is your business?”