The Cyber Learning Curve
by Juline Horan
Cyber attacks occur every thirty-nine seconds and impact one out of every three Americans annually. This trend shows no sign of stopping and has only been accelerating in recent years. For those stuck in the past, it’s time to realize that the golden age of Cyber Security is over and that we all need to be on the offensive.
How have Cyber attacks become so prevalent? Part of the problem is a basic lack of understanding and most people have a limited knowledge of what it entails, which has led to vulnerabilities. In a nutshell, Cyber Security refers to the ever-evolving and changing field of tracking, analyzing, and countering digital security threats using a mixture of physical espionage and modern information technology defense. The key to finding success with Cyber Security is an appreciation for its constant change; one cannot rest or solely rely on past securities to prevent future attacks.
Within this ever-evolving field, the degree and type of threats range wildly, reinforcing the need for Cyber Security professionals, be they within a government agency or commercial organization, to continuously mature their Cyber Security position. As frustrating as it may be to acknowledge, in today's world, anyone is a potential victim. Even the smallest organizations are not immune from attacks.
Cyber threats come in various forms and are typically classified in four different ways:
- Phishing and Spear Phishing
- Stolen Credentials
- Malware Attacks
- Brute Force Attacks
- Phishing, or Spear Phishing, the most common attack type, is the practice of sending emails from a seemingly trusted source to gain personal information that will be then used to gain access to information that the attacker is not authorized to have. As a baseline, installing a multi-factor authorization and a multi-step login process can prevent this attack.
- Malware attacks are perpetrated by malicious software that is downloaded to a system without the user being aware of its presence. The primary objective of malware is to steal, encrypt, or delete sensitive data from the user’s system.
- Brute Force attacks include those made by cybercriminals who use trial and error to guess your password. The best way to thwart Brute Force attacks is by creating complex passwords and a limited number of password entry attempts.
The impact of Cyber attacks is not limited to financial loss. There can also be psychological impacts on the victims, making Cyber Security an even larger societal issue. After a security breach or an attack, workers and cyber security professionals can be left feeling depressed, ashamed, embarrassed, guilty, and frustrated.
For organizations, good Cyber Security means remaining alert to potential internal attacks as well as the external. While not automatically evident of internal criminal behavior, it would be wise for employers and employees alike to be mindful of significant changes in their colleagues, such as outward signs of financial success, a shift in attitude toward the company, or a dramatic personality change. Such changes could indicate a potential problem that may become a Cyber Security issue. Restricting employee access to vulnerable information is one way to minimize internal risks.
Fortunately, there are many relatively easy policies and procedures that can be adopted to provide a start on securing an organization, including:
- Establishing a password protocol that requires both regular updates to passwords and the creation of complex, varied character passwords.
- Applying the latest updates to all systems to avoid vulnerabilities.
- Downloading approved antivirus and/or anti-spyware on all systems and computers.
Sadly, the threat of Cyber Security attacks is here to stay. Bad actors will continue to learn and develop more sophisticated attack tools enabling Cybercriminals and hackers to commit their attacks. Given what we know about this threat, it is critical that we accelerate the learning curve for Cyber Security professionals, and arm them with the tools and knowledge they’ll need to spot an attack and take the necessary steps to prevent future attacks if we are to keep up with attackers.