Cybersecurity is like the door ajar warning light on the console of a huge van going 80 mph down the freeway. Whoever’s driving the vehicle needs to pull over and close the door, but it’s in the back, it’s only slightly ajar, and at any rate, the van can keep going, so the driver figures they might as well just get to it later. But by the time they get to it, someone has already snuck in and made off with a crate of valuables to sell on the black market.
A new cybersecurity survey of businesses reveals 87 percent of respondents are “confident in their cybersecurity preparedness.” This comes at a time when 71 percent “had at least one breach in the previous year.” Types of breaches respondents reported included DoS attacks, fraud, insider attacks, and ransomware. The average cost of a single breach for SMBs was nearly $78K, for enterprises it was nearly $1 million.
Clearly, the door is ajar and many businesses (400 in the survey) naively think they know how to close it.
Businesses aren’t the only ones facing this problem. Schools face cyber attacks too. About 27 percent of schools allow anyone access to their open networks, and 54 percent don’t require antivirus software. In 2015, public schools in Miami were hit with a DoS attack that capsized a standardised test, and in 2016 hackers fooled a Canadian university into revealing bank info, which led to a loss of $11.8 million.
Governments play a complex role here. Some are victims of cyber attacks. Some are responsible for cyber attacks. Ukraine claimed Russia was behind a crippling attack in late June of 2017, and investigators produced evidence that Russia hacked the US presidential election of 2016, breaching voting systems in 39 states.
Governments may also stay quiet about vulnerabilities they’re aware of for strategic purposes, as was the case with the WannaCry attack. That attack was due to a leaked NSA “hacking tool” the agency had designed to exploit a software vulnerability. Microsoft President Brad Smith criticised the NSA for keeping the vulnerability a secret. The NSA wanted to keep it a secret for their purposes but had they revealed it; businesses could have avoided losing anywhere from hundreds of millions of dollars to $4 billion, depending on who you ask about the extent of the losses. The NSA should have educated businesses regarding the software vulnerability.
Educating stakeholders in schools, businesses, and government organizations is one of the best ways to decrease cyber vulnerability. In schools, stakeholders include teachers, administrative staff, students and parents—anyone who accesses school networks. Likewise, at businesses and government organizations, the list of stakeholders encompasses a broad swath that includes all who use the internet while at work, or at home on the device they use for work.
According to Ryan Brack of the Global Cybersecurity Summit, “The biggest bang for the buck that companies can make right now is communicating to their users, and that’s both their external users—or who they’re providing a service or product to—and their internal users. And the reason for this is that large majority of attacks come from user error—clicking on a nefarious link or opening an attachment that they shouldn’t.”
For businesses and government organizations, it helps for employees and administration to know the following:
Never give information to someone whose identity you’re unsure of: Many fraudsters simply lie about their identity and ask for information
Secure passwords: Don’t use the same password for multiple accounts, don’t write down Wi-Fi password where someone can see it, create passwords with abstract, impersonal words and/or combinations of random letters, symbols and numbers
- Don’t store important docs on a hard drive: A company server or the cloud is more secure
- Don’t click on links, ads, or email attachments that could cause damage: Phishing scams, malware, and ransomware all rely on ill-advised clicks
- Don’t use work email for personal matter
- Don’t install suspicious software or programs
- Keep antivirus software up-to-date and install OS update: Updates provide security patches
For both schools and businesses, one of the biggest issues is BYOD, in which a stakeholder’s device can compromise the network. It helps for schools to do the following:
Make sure BYOD policy is airtight: Make sure stakeholders must comply with security standards (such as maintaining antivirus software) to be able to bring their own device; establish a secure administrative network and keep sensitive data on it, and set up a guest network for all other uses
Use remote filtering tech: If you issue a device to students or employees and they take it off campus, they can get viruses when they use public Wi-Fi; remote filtering makes them go through a security gateway to access the internet with the device
Send files securely: Use security measures such as two-factor authentication when sending sensitive files via email
It’s important for IT and cybersecurity personnel to keep researching and implementing security measures. With continued vigilance, education, updates, and enforcement, your organization can be safe from cyber-attacks. Everyone must know what’s at stake. Awareness will help keep your network safe.