Cybersecurity and Social Engineering

Vicky Bagwalla
3 min read · Dec 2, 2019


One of the most fascinating (in a scary way) things I discovered recently was the casual approach to cybersecurity and social engineering (CSaSE).

I have offered at least 2 of my clients a FREE session on CSaSE (a $5000 value) and both have taken a casual approach to it with a “Sure, sounds interesting, let's talk about it”.

Are organizations prepared for what is out there today?

Are organizations taking it seriously?

It seems that one needs to be the target of a serious ransomware attack before spinning their wheels and taking immediate action. Of course, this comes at the cost of significant data, time and financial loss. Is it human nature to ignore that which is not immediately apparent or does not register as an immediate threat? Or do individuals live under the assumption of “There are so many bigger fish to fry out there, no one will target me or my small organization”?

Wake up, folks! If you think there is someone sitting in front of a keyboard and googling potential targets, you are sadly mistaken. For sure there are targeted cyber attacks on specific organizations for various reasons, but the bigger problem is bots. Bots are automated programs that run all day and night, scanning for any vulnerability on any network, including large organizations and dear Mrs Pepperpots, the sweetest neighbour who “doesn’t know much about computers”. Bottom line: if you have a device connected to the Internet, you are a target.

Educate yourself on how to protect yourself because, yes, it COULD and probably will happen to you. It is not a matter of IF but rather a matter of WHEN if you do not educate and protect yourself.

Now let’s talk about social engineering a little. This is the scariest and saddest part of our world today. Gone are the days when we could openly talk about our pets, our kids, our hobbies, our favourite movies, actors, music, musicians, bands, etc. All that a social engineering attacker needs to do is plug those keywords (your favourites list…) into specialized software and voilà! Their chances of “guessing” your password(s) are exponentially increased.

I am not suggesting that one needs to live a paranoid life. However, here are a few suggestions:

  • Please stop using passwords that have anything to do with your kids, pets or hobbies, and please, please, no birthdays.
  • “password” or “12345” is the most unacceptable password in existence.
  • Hard as it may sound, use passwords that have numbers, special characters and upper and lower case letters. Example: U8vE$1MjK
  • One of the key things you will notice above (besides the fact that it has uppercase, lowercase, numbers and special characters in it) is that this is NOT a common word found in a dictionary. In fact, it is not a word at all. A “dictionary” attack is a simple and basic technique, and the first one a cyber attacker runs when trying to “crack” (guess) your password. So do not use a common word or phrase (yes, people, passwords like “IlikeWatermelonAndOranges” are equally unacceptable).
  • Next common mistake: you have a complex password, and now how do you remember it? Please don’t write it down in a diary labelled “My Passwords” (yes, this is done more often than you would think). Instead, use one of the many secure “Password Vault” applications out there, like 1Password.com (check it out).
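To make the rules above concrete, here is an added example of a password policy check that rejects the weaknesses just listed: too short, missing character classes, a common password or dictionary word (including the usual “@” for “a”, “0” for “o” substitutions that cracking tools try as a matter of course), and any personal detail an attacker could harvest from a public profile. This is illustration code written for this post, not a tool the author uses; the wordlist, the profile shape (`kids`, `pets`, `hobbies`, `favourites`, `birthday`) and the sample profile are all constructed, and a real cracking dictionary has millions of entries rather than eleven.

```python
import string

# Constructed sample wordlist: common passwords and everyday words.
# A real cracking dictionary has millions of entries; this stands in for one.
COMMON_WORDS = {
    "password", "12345", "123456", "qwerty", "letmein", "welcome",
    "watermelon", "oranges", "summer", "dragon", "football",
}

# "Leet" substitutions that do not fool a dictionary attack, because
# cracking tools generate these variants of every wordlist entry anyway.
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i", "3": "e",
                      "5": "s", "7": "t", "!": "i"})


def normalize(pw):
    """Lower-case and undo leet substitutions so 'P@ssw0rd' compares as 'password'."""
    return pw.lower().translate(LEET)


def personal_keywords(profile):
    """Lower-cased terms from a (hypothetical) public profile that an attacker
    could harvest: kids, pets, hobbies, favourites and birthday fragments."""
    terms = []
    for key in ("kids", "pets", "hobbies", "favourites"):
        terms.extend(profile.get(key, []))
    birthday = profile.get("birthday")  # expected as "YYYY-MM-DD"
    if birthday:
        y, m, d = birthday.split("-")
        terms += [y, m + d, d + m, y + m + d, d + m + y]
    # Very short terms would match by accident, so keep only 3+ characters.
    return [t.lower() for t in terms if len(t) >= 3]


def check_password(pw, profile=None, dictionary=COMMON_WORDS):
    """Return the list of policy violations; an empty list means the password passed."""
    reasons = []
    if len(pw) < 8:
        reasons.append("shorter than 8 characters")

    # Rule: numbers, special characters, upper and lower case.
    has = {
        "lowercase": any(c.islower() for c in pw),
        "uppercase": any(c.isupper() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "special": any(c in string.punctuation for c in pw),
    }
    missing = [name for name, present in has.items() if not present]
    if missing:
        reasons.append("missing " + ", ".join(missing))

    # Rule: not a dictionary word, with or without leet substitutions.
    forms = {pw.lower(), normalize(pw)}
    if dictionary & forms:
        reasons.append("is itself a common password")
    words = sorted(w for w in dictionary
                   if len(w) >= 4 and w not in forms and any(w in f for f in forms))
    if words:
        reasons.append("contains dictionary word(s): " + ", ".join(words))

    # Rule: nothing to do with kids, pets, hobbies or birthdays.
    if profile:
        hits = sorted(k for k in personal_keywords(profile) if any(k in f for f in forms))
        if hits:
            reasons.append("contains personal detail(s): " + ", ".join(hits))
    return reasons


# Constructed sample profile of the kind a social engineer would assemble
# from public posts (all values are made up for this example).
SAMPLE_PROFILE = {
    "kids": ["Emma"],
    "pets": ["Max"],
    "hobbies": ["sailing"],
    "birthday": "1984-07-23",
}

if __name__ == "__main__":
    for candidate in ("password", "P@ssw0rd", "IlikeWatermelonAndOranges",
                      "Max2307!", "U8vE$1MjK"):
        verdict = check_password(candidate, SAMPLE_PROFILE)
        print(f"{candidate!r}: {'OK' if not verdict else '; '.join(verdict)}")
```

Note that "P@ssw0rd" satisfies every character-class rule and still fails, because after undoing the substitutions it is the word "password"; complexity rules alone do not defeat a dictionary attack, which is exactly the point of the example password above.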

Well, that is all for today. Stay tuned for future posts on this topic.



Vicky Bagwalla

Over 30 years of experience in the Information Technology and Information Systems industry.