The beginning of October marked the kick-off of the 13th annual National Cybersecurity Awareness Month. A joint initiative between American governmental bodies like the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security, alongside private organizations around the globe, it is an effort to empower digital citizens with the basic skills needed to secure their online presences.
While cybersecurity may have previously been a niche topic among IT professionals, it increasingly can be found at the center of mainstream political and cultural discussions. Take this month’s first American presidential candidates debate, where Trump and Clinton fired shots at each other over who could best defend the nation’s security against foreign hackers. Viewed by 84 million people, for many it reframed cybersecurity from an individual issue to a matter of international implications.
The fashion world, ever a thermometer of the popular zeitgeist, has also recently adopted hacking and cyber influences as a major trend. Cybersecurity is both figuratively and literally in vogue.
The reason is simple: as technology and the internet become more advanced and ubiquitous, so too will cyber criminals. Everything from our businesses to personal relationships to financial affairs is being managed through screens.
In the past, cyber threats were spread largely through self-replicating malware like viruses and worms. Today, they are more reliant on human error. Whether it’s socially engineered attacks such as phishing, spear phishing and whaling, insider threats from your own employees or the meteoric rise of ransomware, cybersecurity is becoming as much an issue of training and education as it is computer programming.
This is why events like National Cybersecurity Awareness Month are so important. While people may be talking the talk on cybersecurity, few are actually walking the walk when it comes to defending themselves and their companies — on the outside or the inside.
Internally, Crowd Research Partners' Insider Threat Report found that 74% of organizations feel vulnerable to insider attacks, yet only 42% have appropriate controls in place to prevent them.
Among external dangers, ransomware has become explosively popular among hackers in 2016 — with the FBI reporting a 300% increase over last year. It is set to cost businesses more than $1 billion in 2016 and is one of the fastest growing threats online. Cybercriminals love it, as each instance is only considered a petty crime in most jurisdictions. Local authorities will rarely budge for a single crime that appears to be of such a small scale.
Another major threat in 2016 is whaling, otherwise known as business email compromise (BEC) or CEO fraud. According to Risk Management Monitor citing Mimecast, there was a 55% increase in whaling attacks in early 2016. These attacks are often wildly expensive for companies; Computer Weekly reports that in the first half of 2016, whaling attacks cost US companies $3 billion in losses. Similar to whaling, spear phishing saw a 55% increase in 2015 according to Symantec’s 2016 Internet Security Threat Report.
So how do you protect yourself and your business against such a milieu of internal and external threats? As part of its STOP. THINK. CONNECT. campaign for National Cybersecurity Awareness Month, the NCSA suggests the following tips:
- Own your online presence: Set the privacy and security settings on websites to your comfort level for information sharing. It’s OK to limit how and with whom you share information.
- Get two steps ahead: Turn on two-step authentication – also known as two-step verification or multi-factor authentication – on accounts where available. Two-factor authentication can use anything from a text message to your phone to a token to a biometric like your fingerprint to provide enhanced account security.
- Keep a clean machine: Keep all software on internet-connected devices – including PCs, smartphones and tablets – up to date to reduce risk of infection from malware.
- Personal information is like money. Value it. Protect it: Information about you, such as purchase history or location, has value – just like money. Be thoughtful about who gets that information and how it’s collected by apps and websites.
- Share with care: Think before posting about yourself and others online. Consider what a post reveals, who might see it and how it could be perceived now and in the future.
While these tips may be helpful, nothing can ever fully protect us in the constant and evolving war with cyber criminals. That said, by building a culture of awareness and vigilance, we at least have a fighting chance.
Happy Cybersecurity Awareness Month.