We all carry a unique burden as part of our work and depending on the profession, we are privy to the details of something that others do not.
The burden of seeing the entire picture while the world goes about their business is something like having an unpaid bill that you don’t have the money to pay or experiencing infidelity in a relationship while not saying anything.
I imagine that is what those in our military intelligence community feel during a crisis the public may (or may not) know about.
Or the team at the Centers for Disease Control as the news of a pandemic becomes clear and, yes, 100% of those that work in cybersecurity feel that they can see how perilous the threat landscape is while most do not.
So, concludes the strange dark analogies part of today’s read — to make sure we have your focus.
As we enter October, we are in cybersecurity awareness month, and it is time to set the alarm and see things as the IT pro sees them. Hackers use our own tools against us (email, phone, text, etc.) as a threat delivery system every day.
Because of this, we continue to be victims of extremely complex and concurrently embarrassingly simple cyberattacks. The Solar Wind/Orion hack we will put in the complex category: Hackers embedded a fake update in the supply chain of a massive tech company and the impacts were felt across the nation from Homeland Security Investigations to the Department of State.
It is alleged that the hackers had access to key systems for months before it was stopped.
We all know about the Colonial Pipeline hack (I assume), it was not as complex. Our nation’s fuel supply was disrupted because of a stolen password. If that company had two factor authentication enabled (hopefully you do) it would not have happened and it would have been stopped dead in its tracks. And one of the most frightening cyberattacks was when our water supply was almost poisoned in Florida by an attempted attack last year. We will call that one semi-complex.
As far as the embarrassingly simple hacks, if you have received an email that says to go buy gift cards from someone in your office, please do not, that is the simplest attack/con on earth. Someone told me the other day they replied to the email asking for gift cards, and they said it was real, so they were going to send the requested gift cards.
I explained to them that, yes, they said it was “real” because you are emailing with a hacker, not the real person.
Use your cellphone to find the real number of the person the email is from and confirm with a quick call to that person; do not use the phone number in the email as it is fake too.
In 2004, our government started Cyber Security Awareness month; the goal was to make things safer for you and me online. Since then, things have gotten worse, so this year’s theme from the Cyber Security and Infrastructure team is “see yourself in cyber.”
While the slogan sounds very government marketing-esque (that’s the best you could produce?).
The meaning is very much on point bottom line; cybersecurity sounds complex but is about us, the people.
Are you falling for gift card emails, clicking texts with malware, giving away your passwords over the phone, and opening every attachment that comes in via email?
If yes, then you are a huge part of the problem, and use October to join the fight against hacking.
Where to start? A password audit; if you use the same password anywhere, social media, bank etc.
Stop, use unique passwords for each online destination or account.
Do you have two-factor authentication enabled? If not, install DUO and enable 365 2fa on your email, too (for Microsoft users), it is in the cost of the license.
There are also advanced threat protection tools available that can block threats from happening if you click a malicious email; they will also strip emails out of your inbox that includes threats before you see them. These tools cost money so people don’t want the added cost in a lot of cases. That is unless they had a severe cyber incident, those people are buying everything available as we all should. Also, run updates and do not use legacy (old) operating systems.
As Americans living in the most popular state in the nation, Floridians are huge targets for hackers.
Take a minute in October to assess your cyber vulnerability.
Run an email phishing simulation to your staff to see who clicks, these are easy to do. Ask your team if their passwords are robust across the board, not just at work as it is all connected in one way or another. Also, there will be phishing attempts, fake fundraising, and scams in the aftermath of Hurricane Ian. Please have your guard up and attacks will increase as we get closer to elections and we all have to be beyond ready; try and see things from the hacker’s perspective (are you a target) and try and think like an IT expert, do your best to “see yourself in cyber” as CISA says.
Or ignore that last part, as that slogan may be the worst slogan of all time.
Be safe out there, trust nothing and verify everything.
Blake Dowling is CEO of Aegis Business Technologies. He can be reached at [email protected]