Cybersecurity Blog
Thought leadership. Threat analysis. Cybersecurity news and alerts.
Introduction
Defining Cybersecurity
Cybersecurity refers to the practices, strategies, and technologies used to protect digital data and systems from attacks, unauthorized access, damage, or even data theft. It's a broad term encompassing everything from preventing email phishing attacks to securing a network against sophisticated cyber threats.

The Crucial Role of Cybersecurity in Business
In an era where businesses are increasingly digital, cybersecurity has become a non-negotiable. Businesses of all sizes now deal with sensitive customer information, internal documents, financial transactions, and more—all of which need to be secured. A breach can lead to severe consequences, including financial losses, damaged reputation, and loss of customer trust. This article underlines the importance of understanding and implementing cybersecurity in a business environment.

Overview of the Article
This article will provide a detailed, business-centric breakdown of cybersecurity's critical components. It will take you through the basics of cybersecurity, explore its key elements, delve into how cybersecurity contributes to business success, look at emerging trends, and present a case study highlighting successes and failures. The goal is to offer a clear, comprehensive understanding of cybersecurity and why it is crucial for your business.

Understanding Cybersecurity: The Basics
The Evolution of Cybersecurity
As technology has evolved, so too has cybersecurity. Initially, cybersecurity was merely about safeguarding personal computers. But with the explosion of the internet, smartphones, and now cloud computing and IoT devices, cybersecurity has become a complex and multifaceted field. It's no longer a niche concern—it's now a fundamental part of running a successful, sustainable business in the digital age.

Key Concepts in Cybersecurity
There are several core concepts to understand when considering cybersecurity.
These include but are not limited to Confidentiality (protecting information from unauthorized access), Integrity (maintaining and assuring the accuracy of data), and Availability (ensuring information and systems are accessible when needed). These concepts, often called the CIA triad, are central to any cybersecurity strategy and help provide a framework for thinking about cybersecurity from a business perspective.

Cybersecurity and Business Operations
Cybersecurity has profound implications for business operations. Without effective cybersecurity measures, businesses leave themselves open to cyber threats that could disrupt operations, lead to data breaches, and ultimately harm their bottom line. An understanding of cybersecurity isn't just for IT professionals—it's necessary for leaders across all departments to make informed decisions about risk, investment, and strategy.

The Critical Components of Cybersecurity
Network Security
Information Security
Operational Security
End-User Education
Incident Response
Business Continuity Planning

The Role of Cybersecurity in Business Success
Cybersecurity as a Business Credibility Booster
Demonstrating strong cybersecurity measures can significantly enhance a business's credibility in the modern digital landscape. Customers, clients, and partners want to know their sensitive data is secure. Firms with robust cybersecurity measures are often viewed as more trustworthy and professional, which can differentiate them from competitors.

Customer Trust and Cybersecurity
Trust is a cornerstone of customer relationships. With data breaches and cyberattacks becoming more commonplace, customers are becoming more concerned about their data's safety. A strong cybersecurity posture can reassure customers, enhance their trust, and influence their decision to do business with you.

Financial Implications of Robust Cybersecurity Measures
While investing in cybersecurity requires financial resources, the cost of ignoring it can be exponentially higher. Data breaches often result in financial losses due to regulatory fines, loss of customer trust, and operational disruption. On the other hand, a strong cybersecurity infrastructure can protect a business from these losses, making it a sound financial strategy. It's a case of 'better safe than sorry.'

Emerging Trends in Cybersecurity
AI and Machine Learning
Artificial intelligence (AI) and machine learning are becoming indispensable tools in the cybersecurity arsenal. They can analyze vast amounts of data to detect unusual patterns, identify potential threats, and respond to them in real time. Businesses are increasingly incorporating these technologies into their cybersecurity strategies to stay ahead of increasingly sophisticated cyber threats.

The Rise of Zero-Trust Architecture
Zero-trust architecture is a security model that requires all users, even those inside the organization's network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data. This approach minimizes the chances of internal threats and data breaches and is increasingly being adopted by businesses of all sizes.

Blockchain Technology
Blockchain technology is most famous for cryptocurrencies like Bitcoin, but it also has potential applications in cybersecurity. Its decentralized nature makes it difficult for cybercriminals to execute an attack. Furthermore, the blockchain's inherent transparency can provide a reliable and tamper-proof record of transactions or events. It is a promising technology for securing digital identities, protecting data integrity, and enhancing privacy.

Case Study: Cybersecurity Successes and Failures
An Example of Successful Business Cybersecurity Implementation
Consider the case of a leading online retailer that faced increasingly sophisticated cyber threats. By investing in advanced cybersecurity infrastructure, including AI and machine learning technologies, the retailer was able to detect and mitigate threats in real time. Their commitment to cybersecurity also included a robust incident response plan and regular employee training, which minimized human error. As a result, despite being a prime target for cybercriminals, the retailer has successfully maintained its reputation and customer trust, and it serves as a model for effective cybersecurity implementation.

A Lesson from a Cybersecurity Failure
On the other hand, consider a global financial firm that experienced a significant data breach, which exposed sensitive customer information. The breach resulted from outdated security infrastructure and a lack of employee training.
The repercussions were severe, including financial penalties, a damaged reputation, and a loss of customer trust. This example illustrates the potential consequences of neglecting cybersecurity and is a stark warning for other businesses.

Conclusion
In today's interconnected world, cybersecurity is not just a buzzword but a critical component of business success. Understanding what cybersecurity entails and how it impacts various aspects of business operations is essential for all organizations. This article has provided a comprehensive breakdown of cybersecurity's critical components. From network security and information security to operational security, end-user education, incident response, and business continuity planning, each component plays a vital role in protecting a business from cyber threats.

Furthermore, cybersecurity is not only about safeguarding data and systems; it also directly impacts business credibility, customer trust, and financial stability. Demonstrating strong cybersecurity measures can boost a business's reputation, enhance customer trust, and mitigate financial losses resulting from data breaches or cyberattacks.

As the cybersecurity landscape evolves, businesses must stay informed about emerging trends. The integration of AI and machine learning, the adoption of zero-trust architecture, and the potential applications of blockchain technology are just a few examples of how businesses can stay ahead of cyber threats.

Finally, learning from successful cybersecurity implementations and notable failures can provide valuable insights and lessons for businesses. Investing in cybersecurity measures, staying vigilant, and prioritizing ongoing education and improvement can significantly enhance a business's resilience in the face of cyber threats. By understanding and implementing robust cybersecurity practices, businesses can protect their valuable assets, maintain customer trust, and secure a competitive edge in the digital landscape.
Cybersecurity is not just an option—it's a necessity for business sustainability and growth.

Cybersecurity has become a crucial aspect of our daily lives in today's interconnected world. As we become more reliant on technology and the internet, the need to protect our digital assets, personal information, and critical infrastructure from malicious threats grows exponentially. Cybersecurity, the practice of defending digital systems, networks, and data from unauthorized access and cyberattacks, has emerged as a critical field with increasing importance in this digital age.

However, a central question often arises: Is cybersecurity genuinely hard, or are we overestimating its challenge? The media frequently portrays cybersecurity as an insurmountable obstacle, with high-profile breaches and seemingly impenetrable systems dominating the headlines. While it's essential to acknowledge the complexities of this field, it's also crucial to avoid being overwhelmed by the hype surrounding it.

This article aims to delve into various perspectives on the difficulty of cybersecurity, explore the factors that contribute to this perception, and ultimately provide a balanced view that considers both the challenges and the potential for overcoming them. By examining the intricacies of cybersecurity, we aim to offer a comprehensive understanding that can empower individuals and organizations to make informed decisions about their digital security.

Understanding Cybersecurity
Definition and Scope of Cybersecurity
Cybersecurity refers to the practice of protecting computer systems, networks, and data from theft, damage, or unauthorized access. It encompasses various activities and strategies to safeguard digital information, infrastructure, and assets against cyber threats. Cybersecurity spans multiple domains, including information security, network security, application security, and operational security, among others.
Its scope has continued to expand with the rapid evolution of technology and the increasing reliance on digital systems in various aspects of our lives.

Key Components of Cybersecurity: Technology, Processes, and People
Three key components comprise the foundation of cybersecurity:
Technology includes the hardware, software, and other tools used to protect digital systems and data.
Processes involve the policies, procedures, and best practices that govern how organizations and individuals manage and maintain security.
People are the most crucial component, as they are responsible for implementing and maintaining security measures and creating a culture of awareness and vigilance.

Common Cybersecurity Threats and Challenges
Some common cybersecurity threats and challenges include:

The Growing Demand for Cybersecurity Professionals
As cyber threats continue to evolve and become more sophisticated, the demand for skilled cybersecurity professionals has surged. Organizations of all sizes and industries recognize the need for experts who can develop and implement adequate security measures to protect their digital assets. In addition to technical expertise, cybersecurity professionals must possess strong problem-solving, analytical, and communication skills. As a result, there is an increasing emphasis on training, education, and certifications to meet the growing demand for qualified cybersecurity professionals in the workforce.

The Perception of Difficulty in Cybersecurity
Public Perception and Media Portrayal of Cybersecurity
Media portrayals of high-profile cyberattacks, data breaches, and digital espionage often influence the public perception of cybersecurity. News reports tend to focus on the most dramatic incidents, giving the impression that cybersecurity is a nearly insurmountable challenge. This portrayal can contribute to a sense of helplessness and anxiety, leading many to believe cybersecurity is inherently complex and challenging.

Factors Contributing to the Perception of Difficulty
Several factors contribute to the perception of cybersecurity as a hard and complex field:

Debunking the Myth: Reasons Why Cybersecurity Might Not Be as Hard as We Think
The Importance of Diverse Skill Sets in Cybersecurity
While technical expertise is undoubtedly essential in cybersecurity, it is not the only skill that matters. Effective cybersecurity teams require diverse skill sets, including analytical thinking, problem-solving, communication, and even creativity. People from various backgrounds, including non-technical fields, can contribute their unique perspectives and abilities to address security challenges. This diversity makes cybersecurity more accessible and manageable than one might initially assume.

The Availability of Training and Educational Resources
A wealth of training and educational resources is available for individuals interested in pursuing a career in cybersecurity or enhancing their knowledge. From online courses and certifications to college degrees and workshops, numerous opportunities exist to learn and develop the required skills. The accessibility of these resources enables people with different backgrounds and experience levels to gain a foothold in the cybersecurity field and navigate its complexities more easily.

The Role of Collaboration and Information Sharing in Tackling Cybersecurity Challenges
Collaboration and information sharing are essential in combating cybersecurity threats. By working together and sharing knowledge, organizations, governments, and individuals can pool their resources and expertise to identify and address vulnerabilities and emerging threats more effectively. This collective approach helps to level the playing field and makes cybersecurity challenges more manageable than they might appear when tackled in isolation.

The Potential of Automation and AI in Making Cybersecurity More Manageable
Advancements in automation and artificial intelligence (AI) hold great promise for making cybersecurity more manageable.
AI-powered tools can help identify and respond to threats more quickly and accurately, while automation can streamline various security processes, freeing up human resources to focus on more strategic tasks. By leveraging these technologies, organizations can improve their security posture and make cybersecurity more approachable and less overwhelming.

Acknowledging the Challenges: Why Cybersecurity Can Be Hard
The Ever-Changing Threat Landscape
Cybersecurity is undoubtedly challenging due to the constantly evolving threat landscape. Cybercriminals and other threat actors continually develop new tactics, techniques, and tools to exploit vulnerabilities in digital systems. This dynamic environment requires organizations and individuals to stay up-to-date with the latest threats, adapt their security measures accordingly, and remain vigilant against potential attacks.

The Need for Constant Vigilance and Adaptability
The nature of cybersecurity threats necessitates constant vigilance and adaptability. Organizations and individuals must maintain a proactive approach to security, regularly assessing their defences, updating software, and implementing new technologies to counter emerging threats. This ongoing effort requires time, resources, and dedication, which can make cybersecurity a demanding and challenging field.

The Shortage of Skilled Cybersecurity Professionals
The rapid growth of the cybersecurity field and the increasing complexity of cyber threats have led to a shortage of skilled professionals. This skills gap makes it difficult for organizations to find and retain the expertise they need to effectively manage their cybersecurity programs. As a result, existing cybersecurity professionals often face increased workloads and pressure, contributing to the perception that the field is complex and demanding.

Balancing Security and User Convenience
One of the most significant challenges in cybersecurity is finding the right balance between security and user convenience. Implementing strict security measures can often reduce usability and hinder user productivity. On the other hand, prioritizing user convenience can lead to security vulnerabilities and increased risk. Striking the right balance requires careful consideration of both security needs and user requirements, making cybersecurity a complex and intricate field to navigate.

Striking a Balance: Finding the Right Perspective on Cybersecurity's Difficulty
Recognizing the Complexities of Cybersecurity Without Succumbing to Hype
It is crucial to acknowledge the inherent complexities of cybersecurity without falling prey to the hype and sensationalism that often surround the field. By maintaining a realistic and balanced perspective, individuals and organizations can better understand their challenges and develop appropriate strategies to address them. This approach involves recognizing that while cybersecurity can be demanding and complex, it is a manageable challenge: a field that requires continuous effort, adaptation, and resilience to navigate effectively.

Emphasizing the Importance of Continuous Learning and Skill Development
To succeed in cybersecurity, embracing continuous learning and skill development is essential. The ever-evolving threat landscape and the rapid advancements in technology make it necessary for professionals to stay informed about the latest trends, tools, and best practices. By fostering a culture of lifelong learning and investing in professional development, individuals and organizations can enhance their ability to manage cybersecurity challenges more effectively. This mindset helps counter the perception that cybersecurity is too hard by demonstrating that it is possible to keep pace with the field's demands with dedication and effort.

Encouraging Collaboration and Information Sharing to Address Cybersecurity Challenges Collectively
Given the complexities of cybersecurity, it is vital to encourage collaboration and information sharing among stakeholders, including governments, businesses, and individuals. By working together and sharing knowledge and resources, these entities can more effectively tackle emerging threats and develop innovative solutions to address cybersecurity challenges. Collaborative efforts, such as industry partnerships, information-sharing platforms, and cross-disciplinary research initiatives, can help create a more united front against cyber threats. This collective approach not only helps manage the complexities of cybersecurity but also reinforces the idea that by working together, the perceived difficulty of the field can be significantly reduced.

Recap
In this article, we have explored various perspectives on the difficulty of cybersecurity, discussing factors contributing to the perception of its complexity and why it might not be as hard as it appears. We have acknowledged the ever-changing threat landscape, the need for constant vigilance and adaptability, and the challenges of balancing security and user convenience. At the same time, we have highlighted the importance of diverse skill sets, the availability of training and educational resources, and the potential of collaboration and technological advancements in making cybersecurity more manageable.

It is essential to maintain a balanced understanding of cybersecurity's difficulty, recognizing its complexities while acknowledging opportunities for growth and improvement. This perspective allows us to approach cybersecurity challenges with a sense of realism and determination rather than being overwhelmed by fear and anxiety.
We encourage readers to actively enhance their cybersecurity knowledge and skills, whether by pursuing professional development opportunities, engaging in collaborative initiatives, or staying informed about the latest trends and best practices. We can collectively work towards a more secure digital future by embracing continuous learning and fostering a culture of awareness and vigilance.

When you're ready to dive deeper into the world of cybersecurity, don't hesitate to reach out to our experienced team of experts. We're here to provide the guidance and support you need to navigate the complex cybersecurity landscape confidently. Connect with us today, and let's work together to empower you with the knowledge and skills essential for a secure digital future.

Introduction
In today's interconnected world, where digital technology permeates almost every aspect of our lives, cybersecurity has emerged as a crucial component for the safety and stability of our society. From securing personal information and financial transactions to safeguarding critical infrastructure and maintaining the integrity of democratic processes, the realm of cybersecurity extends far beyond what many of us might initially perceive. As cyber threats evolve in sophistication and frequency, it has become essential for individuals, businesses, and governments to prioritize cybersecurity and stay one step ahead of the attackers.

This article aims to delve into the wide-ranging consequences of cybersecurity on society. By examining cyber threats' economic, social, and psychological ramifications, we will gain a deeper understanding of the necessity for robust cybersecurity measures and the collaborative efforts required to protect our digital landscape. Through this exploration, we aim to shed light on the complex relationship between cybersecurity and the society in which we live, emphasizing the significance of staying informed and vigilant in this ever-changing digital world.

The Economic Impact of Cyber Attacks
The Cost of Data Breaches and Cyber Attacks to Businesses
Data breaches and cyber attacks can have devastating financial consequences for businesses of all sizes. The direct costs associated with a breach can include expenses related to detection, containment, and recovery, as well as regulatory fines and legal fees. Additionally, there are often indirect costs, such as lost revenue due to downtime, damage to brand reputation, and the potential loss of intellectual property. According to a study by IBM, the global average total cost of a data breach increased by USD 0.11 million to USD 4.35 million in 2022, the highest it's been in the history of this report, highlighting the escalating financial risks organizations face.

Loss of Consumer Trust and Its Long-term Effects on Industries
The repercussions of a cyber attack can extend well beyond the immediate financial impact on a business. The loss of consumer trust, which often follows a high-profile data breach, can have long-lasting effects on industries as a whole. Customers are becoming increasingly aware of the importance of data privacy and security, and a breach can cause them to lose faith in the affected organization and its competitors. This loss of trust can result in reduced sales, decreased customer retention, and increased difficulty in attracting new clients. Ultimately, the erosion of consumer confidence can lead to a slowdown in the growth and innovation of entire industries.

The Growth of the Cybersecurity Market and Job Opportunities
As the threat landscape evolves and the demand for effective cybersecurity solutions increases, the cybersecurity market is experiencing rapid growth. According to ResearchAndMarkets.com, cumulative global spending on cybersecurity products and services will exceed one trillion US dollars over the next five years, with multiple trillion dollars in cybercrime damages realized through 2030.
This expansion has led to a surge in job opportunities within the field, with roles such as security analysts, ethical hackers, and incident responders becoming increasingly sought after. However, despite the growing demand for skilled professionals, the cybersecurity industry faces a significant talent shortage. Businesses and governments must invest in education and training programs to cultivate the next generation of cybersecurity experts.

The Influence of Cybersecurity on Privacy and Individual Rights
The Balance Between Security and Privacy in a Digital Age
The rapid advancement of digital technology and the increasing importance of cybersecurity have sparked a debate on striking the right balance between security and privacy in the digital age. While robust cybersecurity measures are essential for protecting sensitive information and preventing cyber attacks, they can sometimes come at the cost of individual privacy. Governments and organizations must carefully navigate this delicate balance to ensure that the pursuit of security does not infringe upon citizens' fundamental rights and freedoms.

Government Surveillance and Data Collection
Government surveillance and data collection efforts, often justified as necessary for national security and crime prevention, have raised concerns about potential privacy violations and the erosion of individual rights. The revelations by whistleblowers like Edward Snowden have exposed the extent of government surveillance programs, leading to public outcry and increased scrutiny of these practices. Governments must be transparent about their data collection and surveillance activities and ensure that they operate within the bounds of the law while respecting the privacy rights of their citizens.

The Role of Encryption and Secure Communication Tools
Encryption and secure communication tools are critical in protecting individual privacy in a world where cyber threats constantly evolve.
By scrambling data so that only authorized parties can access it, encryption safeguards against unauthorized interception, surveillance, and data breaches. However, the widespread use of encryption has also sparked debates about its potential to hinder law enforcement and national security efforts, as criminals and terrorists can use these tools to communicate covertly. As the debate over the "going dark" problem continues, it is essential to recognize the importance of encryption in preserving privacy and individual rights while also considering the legitimate concerns of law enforcement agencies.

Cybersecurity and the Critical Infrastructure
The Vulnerabilities of Critical Infrastructure to Cyber Attacks
Critical infrastructure, such as power grids, water treatment facilities, transportation systems, and communication networks, is crucial to the functioning of modern society. However, these systems' increasing digitization and interconnectedness have also made them more vulnerable to cyber-attacks. Cybercriminals and nation-state actors often target critical infrastructure to cause widespread disruption, inflict economic damage, or achieve political objectives. The growing reliance on Internet of Things (IoT) devices and the widespread use of legacy systems with outdated security measures further exacerbate these vulnerabilities.

The Potential Consequences of a Major Cyber Attack on Infrastructure
A major cyber attack on critical infrastructure can have severe consequences that ripple across society, impacting the economy, public safety, and national security. For instance, an attack on the power grid could result in widespread blackouts, crippling transportation systems, disrupting emergency services, and affecting the daily lives of millions of people. A cyber attack on a water treatment facility could compromise drinking water safety, posing significant health risks to the population.
In addition to the immediate consequences, the long-term effects of such attacks can include loss of public trust in the affected systems, increased regulatory scrutiny, and significant financial costs for recovery and system upgrades.

Government and Private Sector Collaboration to Protect Critical Infrastructure
Protecting critical infrastructure from cyber threats requires a collaborative approach between the government and the private sector, as both parties play crucial roles in the management and operation of these systems. Public-private partnerships can facilitate information sharing, threat intelligence, and the development of best practices for securing critical infrastructure. Governments can provide guidance, resources, and regulatory frameworks to encourage private-sector investment in cybersecurity. In turn, private-sector organizations can share their expertise, technology, and innovation to help governments enhance their cybersecurity capabilities. By working together, the government and private sector can build a more resilient and secure digital ecosystem, safeguarding the critical infrastructure that underpins our modern society.

The Social and Psychological Effects of Cyber Threats
The Rise of Cyberbullying and Online Harassment
The pervasive nature of the internet has given rise to new forms of bullying and harassment that occur in digital spaces. Cyberbullying and online harassment can take various forms, including hurtful messages, public shaming, doxxing, or sharing private information without consent. These harmful actions can lead to severe emotional and psychological distress for victims, with consequences such as depression, anxiety, and even suicidal ideation. Individuals, educators, and policymakers must acknowledge and address the gravity of cyberbullying and online harassment and work together to create a safer and more supportive online environment.

The Impact of Disinformation Campaigns on Society and Politics
Disinformation campaigns, or the deliberate spread of false information with the intent to deceive, manipulate, or sow discord, have emerged as a significant cyber threat with far-reaching social and political implications. Often fueled by social media and other online platforms, these campaigns can distort public discourse, erode trust in institutions, and deepen social and political divides. In some cases, malicious actors have used disinformation campaigns to interfere with elections, manipulate public opinion, and undermine democratic processes. Combating disinformation requires a concerted effort from governments, technology companies, and citizens to promote media literacy, fact-checking, and critical thinking skills.

Mental Health Consequences of Living in a World with Constant Cyber Threats
The constant barrage of cyber threats and the increasing awareness of digital vulnerabilities can take a toll on mental health. Many individuals may experience anxiety or stress related to protecting their personal information, maintaining their privacy, or navigating the complexities of the digital world. Furthermore, the fear of becoming a victim of a cyber-attack, having one's identity stolen, or falling prey to a phishing scam can contribute to a general sense of unease and insecurity. It is essential to recognize the psychological impact of living in a world with constant cyber threats and to provide resources and support for individuals who may be struggling with anxiety or other mental health issues related to their digital lives.

Cybersecurity as a Catalyst for Innovation and Collaboration
The Development of New Security Technologies and Solutions
The ever-evolving landscape of cyber threats has driven the need for continuous innovation in the field of cybersecurity.
To stay ahead of malicious actors, researchers and companies are constantly developing new security technologies and solutions, such as artificial intelligence (AI)-based threat detection, advanced encryption methods, and biometric authentication systems. These cutting-edge innovations enhance the overall security posture of organizations and individuals and foster a culture of continuous improvement and adaptation in the face of emerging threats.

Cross-Industry and International Collaboration to Address Cyber Threats
Cyber threats transcend geographical boundaries and industry sectors, making cross-industry and international collaboration essential to address these challenges effectively. By joining forces, organizations from different industries can share best practices, threat intelligence, and resources to bolster their collective cybersecurity efforts. Similarly, international cooperation among governments, law enforcement agencies, and regulatory bodies can facilitate information sharing, joint investigations, and the development of global cybersecurity standards. This collaborative approach can lead to a more unified and resilient global response to cyber threats, ensuring the safety and security of the digital ecosystem.

The Role of Cybersecurity in Shaping the Future of Technology and Society
As technology advances and permeates every aspect of our lives, cybersecurity will play an increasingly pivotal role in shaping the future of technology and society. The need for robust cybersecurity measures will drive the development of more secure and privacy-preserving technologies, such as decentralized systems and quantum-resistant encryption. In turn, these advancements will influence how we interact with technology and the digital world, fostering a more secure and privacy-conscious society.
Furthermore, the growing importance of cybersecurity will highlight the need for a digitally literate and security-aware population, necessitating the integration of cybersecurity education into mainstream curricula and public awareness campaigns. Ultimately, the challenges posed by cyber threats will spur innovation, collaboration, and societal transformation, enabling us to build a more secure and resilient digital future.
52 Cybersecurity Tips for Personal or Business Application You Need in 2022
Looking for quality cybersecurity tips? Here are 52 cybersecurity tips that you can apply to improve your online safety whether you’re using the Internet for personal or business purposes.

Cybersecurity Tip #1: Cyberattack isn’t a matter of if, but when
Yes, there are people and businesses who have deeper pockets than you or have more interesting data than you. This doesn’t mean cybercriminals don’t find you attractive. Most cyberattacks aren’t targeted at the rich and famous. Cybercriminals simply automate their attacks, and victims are hit not because of how deep their pockets are or how famous they are but because of how weak their cyber defenses are. Don’t be an easy target.

Cybersecurity Tip #2: Malware 101
Malware comes from the words malicious and software. Malicious software is software that’s maliciously injected by cyber criminals into your desktop, laptop, smartphone, tablet or internet of things (IoT) devices like a wi-fi router, CCTV camera or smart TV. Cyber criminals have found and are continuously finding creative means to deliver malware into computers using websites, ads and email, to name a few, causing damage to the devices, stealing data and committing other cybercrimes.

Cybersecurity Tip #3: Don’t trust public charging stations
You’re far away from home or from the office and your smartphone’s battery is about to die. You spot a public charging station. Hold up, public charging stations are ripe places for the cyberattack called “juice jacking” – a form of cyberattack that compromises public charging stations, stealing all the data on a smartphone that connects to it or installing malware on the smartphone. Charge your phone before you go out or get your own portable charger, also known as a power bank.

Cybersecurity Tip #4: Use 2-Factor Authentication
Who can blame you if you use the name of your dog as your password or use the monumental 12356789 password?
There are just too many passwords to remember, from email accounts and bank accounts to your Netflix account. While it isn’t advisable to use easily hacked passwords like 12356789, it’s best to use 2-factor authentication for your sensitive accounts like your primary emails. The 2-factor authentication ensures that you're the only person who can access your account, even if someone knows your password. It will add a second step to your login process, sending a verification code to your mobile that hackers won’t have access to. It’s easy to set up with virtually every online service.

Cybersecurity Tip #5: Never use a public computer to input your private data
In public spaces like airports and hotels, public computers are offered to guests to use free of charge. While these public computers are useful for searching for something, they shouldn’t be used, for instance, to shop online where you have to input your private data, or even to check personal or work email. The public computer that you’re using can be compromised with a keylogger – malware that records every keystroke made by a computer user. Your passwords and other confidential information can be accessed this way and then used by cybercriminals to steal your information and your identity.

Cybersecurity Tip #6: Use an antivirus or a complete endpoint protection software
An antivirus won’t protect you from all malware in this world, but it’s a cyber defense that you should have to improve your online safety. A complete endpoint protection, on the other hand, will provide better protection against most online threats. There are many options to choose from and, since it’s a commodity, annual subscription prices are generally very affordable.

Cybersecurity Tip #7: Delete old, unnecessary apps
Similar to cleaning out your closet regularly, the same thing has to be done with your laptop, smartphone and tablet apps.
Old apps, especially those that are unsupported – software that’s no longer updated by the software maker – make your devices vulnerable to cyberattacks. Cybercriminals specifically make malware that attacks old and unsupported software and apps to steal your personal information and invade your privacy.

Cybersecurity Tip #8: Keep all your software up-to-date
If there’s an available update for any of your software, install the update as soon as possible! A software update means that the software vendor found a security vulnerability in the software and provides a patch – a piece of software code that fixes the security vulnerability. The security update may interrupt your normal usage of your device, but this is a small price to pay compared to being a victim of a cyberattack as a result of failing to update your software in time.

Cybersecurity Tip #9: Stay away from websites without “HTTPS”
What does “HTTPS” even mean? A website address that starts with “https” is a sign that whatever you input in the website is encrypted – a process that jumbles the data (for instance, credit card details) that you’ve input in the website into some incoherent form so that this data can’t be read by cybercriminals when data travels online.

Cybersecurity Tip #10: Don’t overshare
Your social media accounts are filled with photos of your furry family member. There’s no harm in sharing these photos. Don’t overshare the details of your other family members like full names or dates of birth. Any of this data could be the secret answer used to reset your online account passwords without your knowledge.

Cybersecurity Tip #11: Protect your primary emails as if your life depended on them
Your online existence depends on your primary emails. Your online bank accounts are attached to your primary emails. When your primary emails are compromised, this could lead to the compromise of your other important online accounts. So, protect them as if your life depended on them (really).
Protect them with strong passwords that are not based on dictionary words and use 2-factor authentication. Remember, “Linda123” is a weak password that could and will be easily guessed by cybercriminals.

Cybersecurity Tip #12: Free your primary emails from spam emails
Similar to the origin of the word “spam” – canned meat that clogs your arteries – spam emails are harmful to your online health or security. A spam email is an unsolicited email, a copy of which is sent to hundreds of thousands, if not millions, of recipients. The majority of malware – malicious software – is delivered through spam emails. Never open an unsolicited email even when the subject line catches your attention. Delete it automatically.

Cybersecurity Tip #13: Watch out for fake ads
Who can resist a 70% off sale? Not many. But if this is an online advertisement, be wary of it. Cybercriminals are getting their hands on what appear to be legitimate online advertisements but are, in fact, fake ones. Known as malvertisements, from the words malware and advertisement, these fake ads install malware on your device once you click on them. Use an adblocker to protect your devices from malvertisements.

Cybersecurity Tip #14: Download an app from official sources
Want to learn a new language? There’s an app for that. Almost everything nowadays has an app. Only download an app from the official website or from official app stores including Apple and Google.

Cybersecurity Tip #15: Scan apps for malware
Not all apps from official app stores, Apple or Google, are free from malware. While these official app stores make it a point to screen out apps with malware, some malicious apps aren’t screened out. Use an antivirus or endpoint protection software that screens apps prior to installing them on your device.

Cybersecurity Tip #16: Fish out phishing emails
A phishing email is an email that looks like it comes from a trusted source, but it isn’t.
Cybercriminals use phishing emails to gain your trust so that you reveal sensitive data or are convinced to do something. For instance, you may receive an email that looks like it comes from your bank, asking you to reveal your account login details. Close scrutiny, though, reveals that the email address of your bank is slightly modified to fool you into thinking that it’s a legitimate email from your bank. Never throw away caution whenever an email asks for your sensitive data. Remember that login details are your personal information. Your bank will never ask for your login details via email or over the phone.

Cybersecurity Tip #17: Monitor your email activity log
If you have a Google email account, you can monitor who has access to it – what browsers, devices and IP addresses they are using and when they accessed it. You can terminate unwanted access to your email account with a single click.

Cybersecurity Tip #18: Be careful what you click
Something pops up on your computer screen: a box where there’s a “Download Now” button to download the latest version of Adobe Flash. But you don’t even know what Adobe Flash is. Never click on pop-ups like this. Cybercriminals lure victims to click on pop-ups like this in order to install malicious software on your computer that would allow them to use it against other computer users like you.

Cybersecurity Tip #19: Put a tape over your laptop's camera
Mark Zuckerberg does it, so should you – put a tape over your laptop's camera, that is. Malicious software can turn your laptop, smartphone or tablet camera into a spy camera. Better be safe than sorry by putting a tape over that camera.

Cybersecurity Tip #20: Have more than one email account
Never rely on one email account. Create different emails for different purposes. For instance, the email account that links to your Netflix account should not be the same as the email account you use for your bank account.
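Tip #16 notes that a phishing sender address is often a slightly modified copy of the real one. The Python sketch below is an added example, not part of the original article, showing how that scrutiny can be done mechanically; the trusted-domain list, the substitution table and every sample address are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed allow-list (assumption): domains the reader really deals with.
TRUSTED_DOMAINS = ("examplebank.com", "example-mail.com")

# Look-alike substitutions: digit-for-letter swaps and letter pairs that read as one letter.
_CHAR_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
_PAIR_SWAPS = (("rn", "m"), ("vv", "w"))


def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain of a From: header, or '' if none parses."""
    _, address = parseaddr(from_header)
    _, sep, domain = address.rpartition("@")
    return domain.lower().rstrip(".") if sep else ""


def skeleton(domain: str) -> str:
    """Fold common look-alike substitutions so 'examp1ebank' compares equal to 'examplebank'."""
    folded = domain.translate(_CHAR_SWAPS)
    for pair, single in _PAIR_SWAPS:
        folded = folded.replace(pair, single)
    return folded


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    previous = list(range(len(b) + 1))
    for i, ch_a in enumerate(a, start=1):
        current = [i]
        for j, ch_b in enumerate(b, start=1):
            current.append(min(
                previous[j] + 1,                    # delete ch_a
                current[j - 1] + 1,                 # insert ch_b
                previous[j - 1] + (ch_a != ch_b),   # substitute
            ))
        previous = current
    return previous[-1]


def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS) -> str:
    """Return 'trusted', 'lookalike', 'review' or 'unknown' for a From: header."""
    domain = sender_domain(from_header)
    if not domain:
        return "unknown"
    labels = domain.split(".")
    # Internationalised names can hide look-alike letters; leave them for a manual check.
    if not domain.isascii() or any(label.startswith("xn--") for label in labels):
        return "review"
    for good in trusted:
        if domain == good or domain.endswith("." + good):
            return "trusted"
    for good in trusted:
        # Compare the same number of trailing labels as the trusted domain has.
        tail = ".".join(labels[-(good.count(".") + 1):])
        if "." + good + "." in "." + domain:
            return "lookalike"   # real name used as a sub-domain of another domain
        if skeleton(tail) == skeleton(good):
            return "lookalike"   # digit or letter-pair substitution
        if edit_distance(tail, good) <= 1:
            return "lookalike"   # one character added, dropped or changed
        if tail.split(".")[:-1] == good.split(".")[:-1]:
            return "lookalike"   # same name, different ending
    return "unknown"


if __name__ == "__main__":
    # Constructed sample headers, not taken from real mail.
    for header in (
        '"Example Bank" <alerts@examplebank.com>',
        "Example Bank <alerts@examp1ebank.com>",
        "alerts@exarnplebank.com",
        "alerts@examplebank.com.secure-login.net",
        "newsletter@unrelated.org",
    ):
        print(f"{classify_sender(header):10} {header}")
```

A "lookalike" verdict only says the sender domain imitates a trusted one; a sender whose domain matches exactly can still be spoofed, which is the case Tip #21 covers.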
Cybersecurity Tip #21: Never trust an email attachment, even from a friend
You’ve just received an email from a friend with the subject line "ILOVEYOU". You’ve scrutinized the email address and indeed it’s from a friend – one that you’re fond of. Your friend’s email says, "kindly check the attached LOVELETTER coming from me." Should you open the attachment? In 2000, millions of email recipients opened an email with the subject line "ILOVEYOU" and downloaded the attachment assuming that it was a love letter. What was downloaded was, in fact, malware that wiped out all computer files. So, even if the email address appears to be from a friend, never open an attachment. An email address nowadays can be spoofed. To be safe, directly contact your friend to verify if he or she indeed sent the email. Don’t use the Reply button. Create a new email using the email address that you’ve saved in your contacts.

Cybersecurity Tip #22: Don’t forget to do a factory data reset
Feeling generous or running out of cash? Your laptops, smartphones and tablets are valuable products to give away or sell for cash. Before selling or giving them away, don’t forget to do a factory data reset or even “sterilize” your device using specialized tools. This will delete all your personal data like email details, sites that you’ve visited and photos and videos that you’ve taken.

Cybersecurity Tip #23: Stay away from USBs and external hard drives
Anything that’s plugged into your laptop, like USBs and external hard drives, is a potential source of malicious software. As such, stay away from them or find excuses not to use them, especially if they come from an untrusted source. If you must use them, first disable the auto-run option and use an antivirus to scan the content. Never plug in any USB thumb drives that you find on the street, at the mall or at the airport. Cyber criminals use this clever technique to infect your computer with malware.
Cybersecurity Tip #24: Avoid public wi-fi
Almost all coffee shops and retail locations nowadays have public Wi-Fi. Know that whatever you access online by using a public Wi-Fi can be read or tracked by others. You can better protect yourself by using an inexpensive VPN service, or ask your company’s IT for a recommendation when away from the office.

Cybersecurity Tip #25: Use a burner phone if you want to be reckless online
If you want to visit sites that are notoriously unsafe, or you want to download an app that you’re not sure is safe, then a burner phone is a must. A burner phone should be a separate phone. Your primary phone is the one that you use for sensitive information like your primary emails and bank accounts. With your burner phone, no sensitive data should be entered. As no sensitive data is at stake, you can do whatever you want on this phone.

Cybersecurity Tip #26: Slow performance of a device is a sign of a cyberattack
Ever wondered why your laptop, smartphone or tablet is running slow? This could be a sign that your device has been hacked and/or tampered with. Slow performance is one of the signs that a device is infected with malicious software.

Cybersecurity Tip #27: Watch your back from disgruntled employees
Some people can’t seem to move on. This is mostly the case with fired employees. Make sure that, before firing someone, his or her access to your organization’s data is first disabled.

Cybersecurity Tip #28: Never re-use a password
Using the name of your dog as the password for all your online accounts isn’t advisable. Cybercriminals have long discovered that people re-use their passwords. Stolen passwords are sold in the online black market as these are used to access other online accounts.

Cybersecurity Tip #29: Use a separate credit or debit card for online shopping
Trust no one online. This should be the case every time you shop online. The risk of a cyberattack on your most trusted online store can’t be dismissed.
Don’t give cyber criminals the opportunity to access your hard-earned money. Get a separate credit or debit card solely for online shopping use. Only put in the amount that you’ll use and only leave the required minimum balance.

Cybersecurity Tip #30: Never turn on out of office or vacation reply
Excited about your upcoming tropical vacation? Don’t turn on that out of office or vacation reply. In your personal or office email, there’s an option to turn on the out of office or vacation reply. When this feature is turned on, every time people email you, they’ll receive an automatic email reply saying that you won’t be able to reply to them right away. While this is considerate to legitimate email senders, it is a security risk. Criminals may take your absence as an opportunity to attack your office or your home. Fortunately, some email providers allow restricting the out of office replies to your contacts only.

Cybersecurity Tip #31: Never reveal your real location
It’s tempting to post those lovely vacation photos on social media right after they’re taken or to go live via Facebook to share the beautiful scenery where you’re vacationing. Revealing your exact whereabouts via social media postings is a cybersecurity risk. Criminals may take advantage of your absence and may do something sinister in your office or home. The delayed postings of your vacation photos and videos will bring the same reaction from your frenemies. They’ll either love or hate you more.

Cybersecurity Tip #32: Turn off your geo-location
Turning on geo-location in your Google, Facebook, Instagram and other social media accounts can tip criminals off to your exact whereabouts. Always turn this off to protect your privacy.

Cybersecurity Tip #33: Never use the following abused passwords
A Google and UC study revealed that passwords listed below are the most commonly used and abused passwords:
Cybersecurity Tip #34: Mind your IoT devices
IoT devices like your wi-fi router, CCTV camera and smart TV are computers too. Protect them like your other devices such as laptops and smartphones, as IoT devices are similarly targeted by cybercriminals. Your insecure IoT device can be used by cybercriminals to form a botnet – a group of insecure IoT devices that are infected with malware and controlled by a cybercriminal or a group of cybercriminals to conduct cybercrimes such as spreading spam emails. Changing the default passwords to stronger passwords and keeping the software of your IoT devices up-to-date are two of the best cybersecurity practices to protect your IoT devices from cyber criminals.

Cybersecurity Tip #35: Cybercriminals may be making money out of using your computers
Your desktop, laptop, smartphone, tablet and IoT devices are money-making machines for cybercriminals who are engaged in the cyberattack called cryptocurrency mining. A number of cryptocurrencies, including Bitcoin, need to be mined. Cryptocurrency mining refers to the process by which transactions are verified and is also a means of releasing a new digital coin. In the past, ordinary computers were used to mine Bitcoin. Today, to mine Bitcoin, one needs a specialized and powerful computer. Other cryptocurrencies like Monero, however, can be mined using ordinary computers and even small devices such as smartphones and IoT devices. The computational power of your devices may be small, but when they are combined with thousands, if not millions, of other devices, the resulting computing power is enormous. According to the security company Avast, more than 15,000 IoT devices would be needed to mine $1,000-worth of Monero coins in just 4 days. The thing about a cryptocurrency mining attack is that it is done without the knowledge of the IoT device owner.
High energy bills, poor device performance and a shortened device lifespan are signs that your IoT devices are used by cybercriminals for cryptocurrency mining. Using strong passwords and keeping the software of your IoT devices up-to-date are 2 of the effective means to protect your devices from cryptocurrency mining.

Cybersecurity Tip #36: Your IoT devices can be used for DDoS attack
In a distributed denial-of-service (DDoS) attack, an attacker may take advantage of the weak security of your IoT device, like your CCTV camera, inject malicious software into it, control it and send huge amounts of data to a website, making the website unusually slow or inaccessible to visitors. Protect your IoT devices from being used for DDoS attacks by changing the default password to a stronger one and keeping the IoT device’s software up-to-date.

Cybersecurity Tip #37: Backup important data
Have an extra copy or copies of your important data or use a secure online storage. This way, if anything happens to your laptop, smartphone or tablet with your important data on it, you have something to fall back on.

Cybersecurity Tip #38: Prevent ransomware
Real-life crimes are mirrored online. In a ransomware attack, a cyber attacker injects malicious software into your desktop, laptop, smartphone or tablet, encrypts all the files, locking you out of your device, and demands a ransom payment from you to unlock the device. Keeping all your software, especially your operating system, up-to-date is one of the effective means to prevent ransomware attacks. Backing up your important data ensures that ransomware attacks won’t have an effect on you, as you can simply ignore the ransom threat because you have another copy of the data.

Cybersecurity Tip #39: To pay or not to pay in case of a ransomware attack
If you have a backup copy of the data that ransomware criminals are holding hostage, then there’s no point in paying the ransom.
Backing up your data is, therefore, very important so that ransomware criminals won’t have any leverage on you. The dilemma often arises for ransomware attack victims who haven’t backed up their data. Paying the criminals, however, doesn’t guarantee that you’ll get your data back. The software code of the infamous WannaCry ransomware, for instance, was written in such a way that even the criminals themselves can’t unlock the locked data even if the victims pay the ransom.

Cybersecurity Tip #40: Install adblocker
Many online ads install malware on your computer. To prevent malicious ads from appearing on web pages, install an adblocker – software that blocks online advertisements from appearing on web pages that you visit.

Cybersecurity Tip #41: Don’t be a victim of social engineering
Social engineering is a form of manipulation that convinces you to ignore normal security procedures. In your personal life, you may receive a call from someone pretending to be from your bank, asking for your bank login details. At work, you may receive a call and an email from someone pretending to be from your company’s supplier, asking you to transfer money to the supplier’s new bank account. In both situations, you’re asked to do something that’s not within the normal security procedures. Your bank wouldn’t call you to ask for your login details. And company protocols for money transfer to a new bank account are more exhaustive than a mere phone call or simple email. The scam at the office is what is called a business email compromise (BEC) scam. It’s a form of social engineering where scammers try to convince you, especially if your work at the office is related to finance, to ignore normal office security procedures. BEC scammers see to it that your boss is out of the office when the scam happens. Scammers will call you, email you, pretend that they represent your regular supplier and convince you to make a money transfer to the new bank account of the supplier.
The scammers may send a spoofed email that looks like it comes from your boss, convincing you to release money to the new bank account. The best way to avoid being a victim of the BEC scam is to verify the authenticity of the money transfer request by talking face-to-face to your CEO or by speaking to him or her directly on the phone.

Cybersecurity Tip #42: Legitimate website may be a carrier of malware
A legitimate website doesn’t mean it’s a safe site. Cyber criminals are using insecure sites to spread malware through a cyberattack called a drive-by attack. The attack is called “drive-by” as it requires no action from the victim, other than visiting a website. Criminals may plant the malware on the site visited by the victim, or the criminals may redirect the victim to another site and from there infect the computer of the visitor with malware. Typical victims of drive-by attacks are computers with outdated software. To prevent drive-by attacks, it’s important to keep all your software up-to-date by installing updates as soon as they become available.

Cybersecurity Tip #43: Delete potentially unwanted apps
Potentially unwanted apps (PUA) are software that you haven’t intentionally downloaded. They’re just downloaded along with an app that you intentionally downloaded. These unwanted apps could display pop-ups, install browser extensions and even change your current browser. They may be harmless at first, but once cyber criminals get hold of them, they could become malicious over time. One way to prevent unwanted apps from entering your computer is by going to the advanced settings whenever you download an app. In the advanced settings, uncheck the apps that you don’t want to be installed on your computer. In case you’ve missed this advanced feature, delete these unwanted apps manually.

Cybersecurity Tip #44: Stay off-grid
Whenever you aren’t using your laptop, smartphone or tablet, disconnect your device from the internet.
Whenever you notice that a cyberattack is about to happen through unwanted pop-up ads or a rogue email, disconnect your computer from the internet immediately and use your endpoint protection software to scan your device.

Cybersecurity Tip #45: Exercise caution when visiting notorious sites
Torrent sites (add porn sites to the list) are notorious for being hotbeds for drive-by attacks. Stay away from sites like these. If you need to visit these notorious sites, use a burner phone, one that’s cheap and can easily be discarded.

Cybersecurity Tip #46: Use your laptop as standard user, not as administrator
In your operating system, in Windows 10 for instance, you have the option to run your computer as a standard user or as an administrator. As a standard user, you can perform common daily tasks like surfing the internet, checking emails and running software programs. As an administrator, you can add or remove software and even reset the PC to factory settings. Setting your PC to standard user ensures that you won’t unintentionally add or delete software. Only set your PC to administrator mode if you need to make a conscious clean-up of the existing apps on your PC. Setting your PC to standard user will also minimize the risk of malicious installation of malware on your PC. Have a Guest account on your computer? If you really need it, make sure you use a strong account password.

Cybersecurity Tip #47: No one could address ALL cybersecurity issues
If someone tells you that he has an all-in-one fix to all cybersecurity problems, know that he’s blowing smoke. Fifty-two cybersecurity tips are listed here because there is more than one solution to preventing cyberattacks and data breaches.

Cybersecurity Tip #48: Not all hackers are bad
Every day, hackers, both the good ones and the bad ones, are looking for security vulnerabilities in widely-used software programs.
Good hackers, also known as white hat hackers or ethical hackers, regularly test software programs for security vulnerabilities. Once a white hat hacker discovers any security vulnerability in a particular piece of software, this is then reported directly to the software maker in order for the software maker to issue a security update fixing the newly discovered security vulnerability. Software makers like Google, Apple and Microsoft give monetary rewards to white hat hackers for their discovery and for directly reporting the security vulnerability. Many software companies are also employing in-house hackers to test the security vulnerabilities of their software products. Bad hackers, also known as black hat hackers, regularly test widely-used software for security vulnerabilities. Once they discover one, they don’t report this to the software maker and instead use it for personal gain, like launching cyberattacks using the newly discovered security vulnerability or selling via the online black market the information or the malicious software created specifically to exploit the newly discovered security vulnerability. Like in the real world, there are gray areas in the world of hacking: there are gray hat hackers. They are often a mix of white and black hat hackers. Gray hat hackers often search for security vulnerabilities in widely-used software. Once they discover a vulnerability, they’ll contact the software owner and demand a payment for the discovery or for the security fix if they have one. If the software maker doesn’t pay up, a gray hat hacker threatens to expose the security vulnerability to the public.

Cybersecurity Tip #49: Stay away from anything that’s free online
Like in real life, nothing is free. Stay away from free apps, free antivirus, free VPN (virtual private network), free Wi-Fi. Free stuff online almost always has a caveat, that is, free service for stealing your data, for instance. Remember Facebook’s data breaches?
Well, after all it’s a free service.

Cybersecurity Tip #50: Do your own research in choosing any software, internet service provider or any online services
Always do your own research when it comes to choosing anything that connects your primary devices, like your main laptop and main smartphone, to the internet. Your main laptop and main smartphone are devices where you access your sensitive information like your important emails, bank accounts and other important accounts. It’s, therefore, essential that you spend time choosing the most trusted, credible software, internet service provider and other online services. A simple online search will tell you whether such an online service is credible or not. If you have a friend or a family member who works in the cybersecurity or IT fields, always ask for their opinion.

Cybersecurity Tip #51: What to do in case of a cyberattack?
In case of a cyberattack, your immediate reaction should be to go off the grid. Immediately disconnect your computer from the internet. Then use an uninfected device, another laptop or another smartphone, to change your passwords and activate 2-factor authentication of your primary emails and important accounts like bank accounts. What to do with the attacked device? Conduct a full scan of the device and, if possible, perform a factory reset. A full scan will aid you in discovering and deleting hidden malware, while the factory reset will erase all the data, including the malware injected into your device. The problem with a factory reset, though, is that it’ll erase even your important data. This is why it’s a good practice to back up all your important files so that if anything happens you can still have access to your important data despite the failure of one device. There are plenty of online services that will sync your data and will keep it safe in the Cloud. Check with your IT prior to installing anything on your work computer or company-issued mobile device. You could be violating company policy.
Cybersecurity Tip #52: Cybercrime is a growing business
Here are a few numbers: $16 Million-worth of ransom payment was paid by nearly 20,000 ransomware victims during a 2-year period, a study conducted by researchers from Princeton University, New York University, University of California, San Diego, Google and Chainalysis showed. 3 Billion was lost to BEC scammers from January 2015 to February 2017, according to the Federal Bureau of Investigation (FBI). Stay safe!

2021 Top 25 Most Dangerous Software Weaknesses
Software has weaknesses. The most dangerous software weaknesses are those that are often easy to find, easy to exploit, and can allow attackers to completely take over a system, prevent an application from working, or steal data. MITRE recently released the 2021 top 25 most dangerous software weaknesses – a demonstrative list of the most dangerous software weaknesses over the previous two calendar years. To create the 2021 list, MITRE used the Common Vulnerabilities and Exposures (CVE) data found within the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD), and the Common Vulnerability Scoring System (CVSS) scores associated with each CVE record.

The Software Weaknesses List
Here are the top 25 most dangerous software weaknesses over the previous two calendar years:

1. Out-of-Bounds Write
Out-of-bounds write, also known as memory corruption, occurs when the software writes data past the end or before the beginning of the intended buffer. This software weakness can result in code execution, corruption of data, or a crash.

2. Improper Neutralization of Input During Web Page Generation
Improper neutralization of input during web page generation, also known as cross-site scripting (XSS), occurs when the software doesn’t neutralize or incorrectly neutralizes user-controllable input before it’s outputted as a web page.

3. Out-of-Bounds Read
Out-of-bounds read occurs when the software reads data past the end or before the beginning of the intended buffer. This software weakness can cause a crash or allow attackers to read sensitive information from other memory locations.

4. Improper Input Validation
Improper input validation occurs when the software receives input or data, but it doesn’t validate or incorrectly validates the input. When software doesn’t validate input properly, attackers can craft the input in a form that isn’t expected by the rest of the application. This can result in altered control flow, arbitrary code execution, or arbitrary control of a resource.

5. Improper Neutralization of Special Elements used in an OS Command
Improper neutralization of special elements used in an OS command, also known as OS command injection or shell injection, occurs when the software doesn’t neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it’s sent to a downstream component. This can allow attackers to execute dangerous commands directly on the operating system.

6. Improper Neutralization of Special Elements used in an SQL Command
Improper neutralization of special elements used in an SQL command, also known as SQL injection, occurs when the software doesn’t neutralize or incorrectly neutralizes special elements that can modify the intended SQL command when it’s sent to a downstream component. This can allow attackers to alter query logic to bypass security checks, execute system commands, or insert additional statements that modify the back-end database.

7. Use After Free
Use after free occurs when the use of previously-freed memory can cause the software to crash, cause corruption of valid data, or result in the execution of arbitrary code.

8. Improper Limitation of a Pathname to a Restricted Directory
Improper limitation of a pathname to a restricted directory, also known as path traversal, occurs when the software doesn’t properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that’s outside of the restricted directory. This can allow attackers to escape outside of the restricted location to access files or directories that are elsewhere on the system.

9. Cross-Site Request Forgery (CSRF)
Cross-site request forgery occurs when the web application doesn’t or can’t sufficiently verify a valid request provided by the user. This can allow attackers to trick a client into making an unintentional request to the web server which will then be treated as a valid request.

10. Unrestricted Upload of File with Dangerous Type
Unrestricted upload of file with dangerous type occurs when the software allows the uploading or transferring of files of dangerous types which can be automatically processed within the software’s environment.

11. Missing Authentication for Critical Function
Missing authentication for critical function occurs when the software doesn’t perform any authentication for functionality that requires a valid user identity. This can allow attackers to read or modify sensitive data, access administrative or other privileged functionality, or execute arbitrary code.

12. Integer Overflow or Wraparound
An integer overflow or wraparound occurs when the software performs a calculation in which the logic assumes that the resulting value will always be larger than the original value. This can allow attackers to introduce other weaknesses when the calculation is used for execution control or resource management.

13. Deserialization of Untrusted Data
Deserialization of untrusted data occurs when the software deserializes untrusted data without sufficiently verifying that the resulting data will be valid. An assumption that the code in the deserialized object is valid is susceptible to exploitation. Attackers can change unexpected objects or data that was assumed to be safe from modification.

14. Improper Authentication
Improper authentication occurs when the software doesn’t prove or insufficiently proves that the user’s identity is correct.

15. NULL Pointer Dereference
NULL pointer dereference occurs when the software dereferences a pointer that it expects to be valid, but is NULL, causing an exit or crash.

16. Use of Hard-coded Credentials
The use of hard-coded credentials creates a software weakness that allows attackers to bypass the authentication that has been configured by the software administrator.

17. Improper Restriction of Operations within the Bounds of a Memory Buffer
Improper restriction of operations within the bounds of a memory buffer, also known as buffer overflow, occurs when the software performs operations on a memory buffer, but it can write to or read from a memory location that’s outside of the intended boundary of the buffer. This can allow attackers to change the intended control flow, execute arbitrary code, cause the system to crash, or read sensitive information.

18. Missing Authorization
Missing authorization occurs when software doesn’t perform an authorization check when a user attempts to access a resource. This can allow attackers to read sensitive data, modify sensitive data, or gain privileges by modifying or reading critical data directly, or by accessing privileged functionality.

19. Incorrect Default Permissions
Incorrect default permissions occur when, during the installation of the application, installed file permissions are set to allow anyone to modify those files. This can allow attackers to read or modify application data.

20.
Exposure of Sensitive Information to an Unauthorized ActorExposure of sensitive information to an unauthorized actor, also known as information leak, occurs when the software exposes sensitive information to a user that isn’t explicitly authorized to have access to that information. 21. Insufficiently Protected CredentialsInsufficiently protected credentials occur when the software transmits or stores authentication credentials, but it uses an insecure method. This can allow attackers to gain access to user accounts and access sensitive data. 22. Incorrect Permission Assignment for Critical ResourceIncorrect permission assignment for critical resource occurs when the software specifies permissions for a security-critical resource, allowing the resource to be read or modified by attackers. 23. Improper Restriction of XML External Entity ReferenceImproper restriction of XML external entity reference occurs when the software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control. Common consequences of this software weakness include attackers being able to access arbitrary files on the system, or can cause consumption of excessive CPU cycles or memory using a URI that points to a large file, or a device that always returns data such as /dev/random. 24. Server-Side Request Forgery (SSRF)According to MITRE, in server-side request forgery, the “web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.” A real-world example of server-side request forgery attack allowed attackers to request a URL from another server, including other ports, which allowed proxied scanning. 25. 
Improper Neutralization of Special Elements used in a CommandImproper neutralization of special elements used in a command occurs when data from an untrusted source enters the application and the data from an untrusted source is executed as a command by the application. This gives attackers privileges or capabilities that they would not otherwise have. 10/30/2019 How Does the Cybersecurity Skill Gap Affect Your Organization and What can You Do to Make it Right?How Does the Cybersecurity Skill Gap Affect Your Organization and What can You Do to Make it Right?“There are only two types of companies: those that have been hacked, and those that will be.” — Robert Mueller, FBI Director What cybersecurity measures does your organization have in place? And who manages them? Chances are, you’re struggling to appoint an in-house, qualified cybersecurity specialist. Research by CyberEdge Group reveals that four in five organizations are in the same boat. This skills gap has decreased in the past couple of years, but it continues to impact different sectors in a major way. Education is the area affected most, with 87.1 percent of organizations having difficulty finding qualified experts, followed by telecommunications & tech (85.1 percent). The lack of suitable candidates available to help organizations safeguard their systems in an age of ransomware, DDoS attacks and more is concerning. Cybercriminals continue to employ ever-more-sophisticated techniquesto disrupt businesses and organizations of different sizes, across all industries (even healthcare). Sensitive data and processes must be protected to minimize threats. Understaffed organizations on tight budgets are especially vulnerable. 43 percent of cyberattacks target small businesses and just 14 percent of these are prepared — costing them $200,000 on average. And it makes sense. 
Leading brands and massive institutions can at least invest in cutting-edge software and external consultations to set up efficient cybersecurity defenses. Smaller ones, particularly startups and nonprofits, may be unable to afford either.

Any organization without the finances for a full-time in-house IT specialist can use managed cybersecurity services to protect their system instead. A vulnerability assessment is perhaps the best place to start, to identify your biggest risks and take steps to mitigate them.

But what else can you do to tackle cybersecurity flaws in your organization when you can’t find or afford an in-house specialist?

1. Invest in quality training to make your workforce more cybersecurity-aware

Cybersecurity is a complex area. This means it’s daunting for almost anyone without qualifications or experience in IT to grasp without extensive training. But this creates an opportunity to empower your staff with the skills, insights and practical knowledge to help your organization stay safe.

Determine where your biggest vulnerabilities are and what attacks may pose the biggest risk to your operations. For example, you might buy high-end hardware and reliable software — yet have no idea how to maximize their performance. Alternatively, your workforce could consist of people without even basic computer skills or awareness of digital dangers. The mere mention of ransomware or malware could fly right over their heads.

Investing in cybersecurity training obviously incurs expense, but it will pay off when your organization is less susceptible to major disruptions. 60 percent of small- and medium-sized businesses close their doors within six months of being hacked. And the fallout of this can be severe when mammoth investments have been made into trying to keep an organization afloat.

You may already have an idea of which types of training will suit specific employees, based on their work experience, attitude or technical skills.
But even if you don’t, taking the time to align the right knowledge upgrades with the right people will ensure organizations maximize the value of their training.

2. Make raising awareness of cybersecurity threats and trends an ongoing part of your company culture

Cybersecurity trends change as hackers’ techniques and technologies evolve. Any organizations relying on outmoded measures leave their systems more vulnerable than they need to be. That’s why it’s so important to stay in touch with the latest attacks, the ways in which they penetrate systems and how businesses deal with them.

For example, companies falling prey to a ransomware scheme may agree to pay the attacker(s) immediately out of desperation to get back on track. But there’s no guarantee that those responsible will honor their word and return your system to normal. They could take the money and leave the organization locked out of its own network.

A failure to research and keep track of the latest developments in ransomware — as well as the wider world of cybersecurity — means organizations would be more likely to hand over the cash without considering the potential fallout. As a result, an organization might spend thousands of dollars and still be forced to close up shop when its data remains out of reach.

Cultivate a greater awareness of cybersecurity in your organization. Share news stories, articles and updates related to the industry on a regular basis. Encourage staff to get involved with local initiatives or conferences designed to increase cybersecurity education. Offer incentives for anyone interested in growing their skill set.

Building a workforce with a deeper understanding of common cybersecurity threats, and the measures required to combat them, can make a significant difference to your organization’s safety in the future.

And don’t overlook the basics, either. Encourage staff to stay safe and remain vigilant whenever they’re online. This includes:
Another key issue to consider in your organization’s cybersecurity strategy is updating systems when employees leave, including shutting down any open sessions, something that is often overlooked by IT departments. Change login details to stop them gaining access to sensitive data or allowing others to do so. Even workers who seem trustworthy could still go on to compromise your organization’s security, intentionally or not.

Every organization must take cybersecurity seriously. While the skill gap may make finding a qualified, experienced expert to manage your cybersecurity in-house difficult (if not impossible, depending on your budget), following the tips explored above can make a real difference.

Managed cybersecurity services are a cost-effective, simple way to identify your organization’s gaps and fill them. Reliable specialists will perform a vulnerability assessment, reduce your chances of suffering a data breach and protect cloud & on-premise environments — safeguarding your systems on all fronts.

Take action. Make a stand. Protect your organization against cyber-attacks. Contact our experts now.

Why is Segregation of Duties Between IT and Cybersecurity Critical for Your Business?

Neglecting your cybersecurity means neglecting your business’s future. It’s that simple. Every company has to take effective action to minimize its risk of a data breach, leveraging the latest, most effective measures to combat hackers.

Software specialist Citrix is just one of the latest brands to come under attack: it’s believed as much as 10TB may have been stolen. Furthermore, the criminals are said to have gained access to the system through ‘password spraying’, or simply guessing weak, common passwords.

It’s paramount to ensure your business is protected and prepared to deal with any serious cyberattack sent your way. One key aspect of safeguarding your company is Segregation of Duties between IT and cybersecurity. What does that mean and how do you do it?
SoD Defined

Segregation of Duties (or SoD) revolves around keeping multiple people involved with achieving a specific goal, whatever the task at hand may be. Though it started as a process to minimize the danger of mistakes or fraudulent activities, SoD has evolved into an important security issue.

All tasks covered require authorization from two parties to prove integrity and defend against breaches. All individuals involved in undertaking a process of any size would have to be in agreement before the task can be completed.

Segregation of Duties is so important because it takes absolute power out of the hands of any one person within your company, offering greater peace of mind and caution. SoD spreads the privileges for everyone’s benefit and makes cybercriminals’ ‘work’ a little harder.

Key Benefits of Segregation of Duties

Segregation of Duties offers businesses numerous compelling benefits, including the following:

Reduce the risk of inside attacks

You trust your employees to work with your system every day. You expect them to be respectful, careful and loyal. You put your faith in them to help steer your company toward success. And yet, inside attacks are a sad reality of cybersecurity breaches.

Not only can an issue caused from the inside be more difficult to detect until it’s too late, but it can be particularly devastating on an emotional level if the attack was intentional. Dealing with a mistake is one thing. But knowing that an employee you paid and supported facilitated an attack can leave you, and their colleagues, struggling to trust others in the future.

Oversights may cause accidental inside attacks too. This may be down to an employee downloading an attachment from a suspicious email, failing to follow standard practice when making company payments or something equally minor. Segregation of Duties takes care of all this.
For example, if one worker is preparing to download a new tool but requires another’s agreement first, they may discover a security risk before any harm is done. This reduces the danger of genuine accidents caused by ignorance and acts as a deterrent for insiders looking to sabotage the business.

Should any attacks take place, it’s far easier to determine which party must have been responsible just by addressing those individuals with access. This is much more difficult when everyone in the company uses every aspect of the system without restraint.

Less power is up for grabs

Imagine if a hacker manages to gain access to your system by cracking an employee’s login details. Imagine if said employee has full access to every tool, every database, every service — a criminal could basically take control of your business and cause monumental damage before they’re shut down.

With Segregation of Duties, you can minimize the power any hacker would wield should they find a way into your network. Accounts are shared between a small group of people and only they have authorized entry. Any sign of unexpected activity within those accounts would indicate a potential issue.

Furthermore, all aspects of your company which require a different set of credentials to enter would be secure. This allows you to focus your attention on the problem areas rather than addressing the entire company.

Accounts and credentials are easier to manage

Businesses implementing SoD can manage access and credentials more easily in the event of a crisis. Specifically, creating new logins for a compromised account is much easier with just two people to update. It’s a convenient, faster process with less room for error.

Segregation of Duties Between IT and Cybersecurity

Segregation of Duties between your IT department and cybersecurity specialists is vital for reinforcing your business’s defense against hackers.
Your IT team may be experienced, well-trained and qualified, but they have to make sure they’re up-to-date on the latest risks, techniques and solutions in cybersecurity. Without this knowledge, they’re more likely to make mistakes when updating systems, maintaining your network or working with vendors.

Again, SoD means making sure your IT specialists are accountable and have to run their intentions by someone else. The smallest oversight could end up causing massive disruptions and effectively shut your business down on a temporary (or possibly permanent) basis.

Segregation of Duties demands a responsible approach: keep track of which individuals have access to specific accounts and which are authorized to perform certain tasks. Make sure to limit any crossover that could cause problems, such as putting the same person in two or three teams. This may lead to a conflict of interest and questionable choices.

Working with experienced cybersecurity experts is crucial for companies of all sizes, across all industries. Businesses have to take charge of their own protection and implement strategies designed to limit the damage a single attack is capable of.

All companies must stay organized and plan ahead when implementing a SoD strategy. Cybersecurity professionals can advise you on the major threats your business faces and how best to protect against them. Cybersecurity experts will help you understand what that involves, how to implement Segregation of Duties and combat even the most creative cybercriminals.

Want to learn what The Driz Group can do for your company? Please don’t hesitate to reach out to our dedicated team now.

Trend Shows Cybercriminals Are Turning to Formjacking

A newly released global cyberthreat trend shows that cybercriminals are turning to formjacking as a new get-rich-quick scheme.
In the recently released Internet Security Threat Report, Symantec reported that on average, more than 4,800 unique websites are compromised with formjacking every month.

According to Symantec, formjacking has increased dramatically since mid-August 2018. By the end of 2018, Symantec said it detected 3.7 million formjacking attacks, with nearly a third of all detections occurring during November and December – the busiest online shopping period.

Symantec said that while any organization, regardless of size and location, which processes payments online is a potential victim of formjacking, small and medium-sized retailers are, by and large, the most widely compromised by formjacking attackers.

What Is Formjacking?

Formjacking is a type of cyberattack that injects malicious code into website forms. This malicious code allows attackers to steal credit card details and other personal and financial information entered into the compromised forms, as the information is automatically sent to the attackers.

Stolen information could be used by attackers to perform payment card fraud or attackers could sell these details to other cybercriminals. According to Symantec, attackers need only 10 stolen credit cards from each of the more than 4,800 compromised websites each month to earn up to $2.2 million per month considering that the current value for each card is $45 in underground selling forums.

How Are Formjacking Attacks Carried Out?

In recent months, two methods of formjacking attacks were observed: supply chain attack and redirection chain.

Supply Chain Attack

One of the ways by which formjacking attackers gain access to a website and change the code on its checkout page is through supply chain attack. In a supply chain attack, attackers gain access to a large organization’s website and change the code on its checkout page by exploiting the security vulnerabilities in a smaller business used by the larger company to provide different services.
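A defensive check against the supply chain path described above, as an added example that is not code from the original post or from any vendor it names: the Python below lists every external script on a checkout page, marks which ones come from another host, and verifies any Subresource Integrity (`integrity`) value against the bytes currently being served. The host names, page HTML and script bodies are constructed sample data, and `audit_page` and `high_risk` are hypothetical helper names.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

SRI_ALGS = ("sha256", "sha384", "sha512")  # weakest to strongest


def sri_hash(content: bytes, alg: str = "sha384") -> str:
    """Return a Subresource Integrity token: '<alg>-<base64 digest>'."""
    digest = hashlib.new(alg, content).digest()
    return f"{alg}-{base64.b64encode(digest).decode('ascii')}"


def integrity_ok(content: bytes, integrity: str):
    """Check content against an integrity attribute value.

    Returns None when the attribute holds no recognised hash (nothing is
    pinned), otherwise True or False. As browsers do, only the strongest
    algorithm present is compared.
    """
    tokens = [t.split("?")[0] for t in integrity.split()]
    algs = {t.partition("-")[0] for t in tokens} & set(SRI_ALGS)
    if not algs:
        return None
    strongest = max(algs, key=SRI_ALGS.index)
    return sri_hash(content, strongest) in tokens


class ScriptCollector(HTMLParser):
    """Collect (src, integrity) for every <script> that loads a file."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "script" and attr.get("src"):
            self.scripts.append((attr["src"], attr.get("integrity")))


def audit_page(page_url: str, html: str, served: dict) -> list:
    """Classify each external script as ok, unpinned or hash-mismatch.

    served maps script URL -> bytes the host returns right now (supplied
    inline here; in practice the result of downloading each URL).
    """
    page_host = urlparse(page_url).hostname
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, integrity in collector.scripts:
        host = urlparse(src).hostname or page_host  # relative URL: same host
        pinned = integrity_ok(served[src], integrity) if integrity else None
        status = "unpinned" if pinned is None else "ok" if pinned else "hash-mismatch"
        findings.append({"src": src, "third_party": host != page_host, "status": status})
    return findings


def high_risk(findings: list) -> list:
    """Third-party scripts that changed, or that could change unnoticed."""
    return [f["src"] for f in findings if f["third_party"] and f["status"] != "ok"]


# ---- constructed sample data ----
PAGE_URL = "https://shop.example/checkout"
CHAT_URL = "https://chat.vendor.example/widget.js"
STATS_URL = "https://stats.vendor.example/a.js"
CHAT_V1 = b"function openChat(){ /* support widget */ }"
CHAT_CHANGED = CHAT_V1 + b"\n/* stand-in for code altered on the vendor's server */"

SAMPLE_HTML = f"""
<html><body>
<form id="payment"></form>
<script src="/static/checkout.js"></script>
<script src="{CHAT_URL}" integrity="{sri_hash(CHAT_V1)}" crossorigin="anonymous"></script>
<script src="{STATS_URL}"></script>
</body></html>
"""
SERVED_CLEAN = {CHAT_URL: CHAT_V1, STATS_URL: b"function track(){}"}
SERVED_CHANGED = {CHAT_URL: CHAT_CHANGED, STATS_URL: b"function track(){}"}

if __name__ == "__main__":
    for finding in audit_page(PAGE_URL, SAMPLE_HTML, SERVED_CHANGED):
        print(finding)
```

A pinned script whose served bytes change is blocked by the browser and shows up here as `hash-mismatch`; an unpinned third-party script is reported because the page will run whatever that host returns.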
The Ticketmaster formjacking case is an example of a formjacking attack carried out by means of a supply chain attack. In the Ticketmaster case, attackers injected malicious code into Ticketmaster’s checkout pages after compromising a chatbot used by Ticketmaster for customer support. This malicious code enabled the Ticketmaster attackers to capture payment card data and other information from customers and send them to their servers.

The chatbot used by Ticketmaster for customer support was hosted by Inbenta, an external third-party supplier to Ticketmaster. Inbenta chief executive Jordi Torras told ZDNet that attackers exploited a number of vulnerabilities in Inbenta’s servers and in the process altered the chatbot code.

"It has been confirmed that the source of the data breach was a single piece of JavaScript code, that was customized by Inbenta to meet Ticketmaster's particular requirements," Jordi Torras said. "The JavaScript we created specifically for Ticketmaster was used on a payments page, which is not what we built it for. Had we known that script would have been used in that way, we would have advised against it, as it poses a security threat."

The Ticketmaster formjacking case, therefore, wasn’t directly an attack against Ticketmaster but an attack on a third-party supplier, Inbenta.

It’s worth noting that a supply chain attack was also used in the NotPetya attack in 2017, in which MEDoc, a tax and accounting software package, was used for the initial insertion of NotPetya malware into corporate networks.

Supply chain attacks show that cybersecurity hygiene shouldn’t only be implemented within an organization’s internal IT systems but also for third-party software and applications.

Redirection Chain

Redirection chain as a means of carrying out a formjacking attack is a new technique used by attackers in late 2018.
In a redirection chain attack, a user that uses a checkout page of an online retailer is redirected to the checkout page of another online retailer which is injected with formjacking code. When this user enters payment information, the information is sent both to the retailer as well as to the attackers.

In December 2018, Symantec reported that it detected a checkout page of a retail store in Paris which was injected with formjacking code. The injected formjacking code, Symantec said, collects the payment information entered by customers and posts it to the domain google-analyitics.org.

Symantec observed that popular online retailers’ checkout pages from different countries, such as the U.S., Japan, Australia, and Germany redirected to this one Paris checkout page. “This created an interesting redirection chain as customers of all these websites were being infected by formjacking at the same time,” Symantec said.

Symantec added that to make matters worse, the formjacking code in the above-mentioned redirection chain attack comes with Firebug, a debugging tool that prevents security researchers from analyzing the malicious code.

Prevention

Formjacking attacks are becoming sophisticated and stealthy as shown in the above-mentioned examples. Users of compromised checkout pages may not realize they’re victims of formjacking as compromised checkout pages generally continue to operate as normal.

Here are some cybersecurity measures to prevent formjacking attacks:
Don’t have cybersecurity resources or a dedicated CISO? Contact us today to mitigate IT risks, fast.

3 Most Common Web Application Security Vulnerabilities

Almost all organizations today have an online presence, mostly in the form of an official website. While these websites open a window of opportunities for organizations, these same websites are at times a bane to organizations as these are becoming attractive targets for cyber attackers.

What Are Web Application Security Vulnerabilities?

One of the ways by which cyber attackers wreak havoc on corporate websites is by exploiting the security vulnerabilities in web applications.

Web applications, also known as web apps, refer to software programs that run in a web browser. A web application can be as simple as a contact form on a website or a content management system like WordPress. Web application security vulnerabilities, meanwhile, refer to a system flaw or security weakness in a web application.

Web applications are gateways to a trove of data that cyber attackers find attractive and easy to steal. Every time website visitors sign up for an account, enter their credentials or make a purchase via an official corporate website, all this data, including personally identifiable information, is stored on a server that sits behind that web application. Exploiting a security vulnerability in a web application allows attackers to access the data stored on that server.

Imperva, in its “State of Web Application Vulnerabilities in 2018”, reported that the overall number of new web application vulnerabilities in 2018 increased by 23%, that is, 17,308 web application vulnerabilities, compared to 2017 with only 14,082 web application vulnerabilities.

Most Common Web Application Security Vulnerabilities

Here are the 3 most common security vulnerabilities affecting web applications:

1. Injections

Based on Imperva’s data, the number one web application vulnerability in 2018 was injection, representing 19% of the web application vulnerabilities last year. In an injection attack, an attacker inserts or injects code into the original code of a web application, which alters the course of execution of the web app.

According to Imperva, the preferred method of attackers last year to inject code into web applications was remote command execution (RCE) with 1,980 vulnerabilities. Remote command execution allows an attacker to remotely take over the server that sits behind a web application by injecting arbitrary malicious code into the web app.

The Equifax data breach that exposed highly sensitive data of millions of U.S. customers, as well as thousands of U.K. and Canadian consumers, is an example of a cyberattack that used the injection method, in particular, remote command execution.

Attackers gained access to the data of millions of Equifax’s customers by exploiting the vulnerability designated as CVE-2017-5638 in the web application used by the company. At the time of the attack, Equifax was using an outdated version of Apache Struts, a popular open source framework for creating enterprise-grade web applications.

Despite the advisory from the Apache Software Foundation, the organization that oversees leading open source projects, including Apache Struts, to update the software to the latest version, Equifax failed to do so, leading the attackers to breach the sensitive data of millions of the company’s customers.

On March 7, 2017, the Apache Software Foundation issued a patch or security update for the CVE-2017-5638 vulnerability. On May 13, 2017, just a few days after the CVE-2017-5638 patch was released, attackers started their 76-day long cyberattack on Equifax, according to the findings of the U.S. House Oversight Committee.

2. Cross-Site Scripting

The second most common web application vulnerability is cross-site scripting.
According to Imperva, cross-site scripting ranked as the second most common vulnerability in 2018, representing 14% of the web application vulnerabilities last year.

Cross-site scripting, also known as XSS, is a type of injection in which malicious code is inserted into a vulnerable web application. Unlike injection in general, cross-site scripting particularly targets web visitors.

In a cross-site scripting attack scenario, an attacker, for instance, embeds an HTML tag in an e-commerce website’s comments section, making the embedded tag a permanent fixture of the webpage. The browser then reads the embedded tag together with the rest of the original code every time the page is opened, regardless of the fact that some site visitors don’t scroll down to the comments section.

The injected HTML tag in the comments section could activate a file, which is hosted on another site, allowing the attacker to steal visitors’ session cookies – information that web visitors have inputted into the site. With the stolen session cookies of site visitors, attackers could gain access to the visitors’ personal information and credit card data.

3. Vulnerabilities in Content Management Systems

Imperva’s State of Web Application Vulnerabilities in 2018 also showed attackers are focusing their attention on vulnerabilities in content management systems, in particular, WordPress.

Attackers are focusing their attention on WordPress as this content management system powers nearly one-third of the world’s websites. Data from W3Techs showed that as of late December last year, WordPress usage accounted for 32.9% of the world’s websites, followed by Joomla and Drupal.

According to Imperva, the number of WordPress vulnerabilities increased in 2018 despite the slowed growth in new plugins. Imperva registered 542 WordPress vulnerabilities in 2018, the highest among the content management systems.
The WordPress official website, meanwhile, reported that only 1,914 or 3% from the total 55,271 plugins were added in 2018.

Ninety-eight percent of WordPress vulnerabilities are related to plugins, Imperva reported. Plugins expand the features and functionalities of a website. WordPress plugins are, however, prone to vulnerabilities because with this content management system (being open source software), anyone can create a plugin and publish it without security auditing to ensure that the plugin adheres to minimum security standards.

Web Application Attack Prevention

A web application firewall (WAF) is one of the best cybersecurity solutions that your organization can employ against web application vulnerabilities.

Trust the experienced team that protects hundreds of sites and applications. Protect your web application within 10 minutes and keep cybercriminals at bay. Get started today!

Look Back into the First Major Cyberattack: The Morris Worm

Thirty years ago, the Morris worm, dubbed the first major cyberattack, was unleashed into the wild, crashing or slowing to a crawl 10% or 6,000 of the 60,000 computers then connected to the “Internet”.

What Is Morris Worm?

The Morris worm is named after its creator, Robert Tappan Morris. A worm, meanwhile, refers to a type of malicious software (malware) that has the ability to spread itself within networks without user interaction.

Court documents showed that Morris, then a first-year graduate student in Cornell University's computer science Ph.D. program, released the worm on November 2, 1988 through a computer at the Massachusetts Institute of Technology (MIT), which Morris hacked using a Cornell University computer.

The Morris worm was released into the wild a year before the world wide web came into existence. The term “Internet” then referred to a U.S. computer network, composed of connected computers from prestigious colleges, research centers, governmental and military agencies.
In less than 24 hours on November 2, 1988, the Morris worm infected the computers of institutions, including Harvard, Princeton, Stanford, Johns Hopkins, National Aeronautics and Space Administration (NASA) and the Lawrence Livermore National Laboratory.

While the worm didn’t destroy or damage files, infected computers slowed to a crawl or ceased functioning and emails were delayed for days. The estimated cost of dealing with the Morris worm at each installation ranged from $200 to over $53,000.

The worm infected computers running a specific version of the Unix operating system in 4 ways:

First, via a security vulnerability in “SEND MAIL”, a computer program that transfers and receives electronic mail;

Second, via a security vulnerability in the "finger demon", a computer program that allows extraction of limited information about the users of another computer;

Third, via "trusted hosts" feature that allows a user with certain privileges on one computer to have equivalent privileges on another computer without using a password; and

Fourth, via a program that guesses passwords using various combinations of letters tried out in rapid succession, hoping that one will be an authorized user's password. When the correct password is entered, the intruder is allowed whatever level of activity that the user is authorized to perform.

Morris designed the worm to stay hidden. The worm was designed in such a way that it won’t copy itself onto a computer that already had a copy. The worm was also designed in such a way that it would be killed when a computer was shut down.

Consequences of the Morris Worm

For unleashing the worm into the wild, Morris became the first person convicted for violating the U.S. Computer Fraud and Abuse Act, which outlaws unauthorized access to protected computers. He was sentenced to 3 years of probation, 400 hours of community service, a fine of $10,050 and the costs of his supervision.
The first major cyberattack, perpetrated by the Morris worm, showed how vulnerable interconnected computers had become. Just days after the Morris worm attack, the U.S. Government created the country’s first computer emergency response team under the direction of the Department of Defense. Developers also began creating intrusion detection software. On the flip side, the Morris worm inspired a new breed of malicious hackers, plaguing the digital age.

In recent memory, the worm whose devastation resembles that caused by the Morris worm is the WannaCry worm, commonly known as WannaCry ransomware. In less than 24 hours on May 12, 2017, more than 300,000 computers in 150 countries were infected by WannaCry, with each infection demanding a ransom payment. WannaCry is categorized as a worm because, like the Morris worm, it has the ability to spread itself within networks without user interaction. WannaCry specifically exploited a security vulnerability in the Server Message Block protocol (SMB protocol) in some versions of Microsoft Windows. The SMB protocol allows users to access files, printers and other resources on a network.

Prevention
Here are some cybersecurity measures to protect your organization’s computers or networks from worms similar to the WannaCry and Morris worms:

Implement Network Segmentation
In network segmentation, vital computers that house critical information and operations are separated or disconnected from computers connected to vulnerable systems like the public internet. Network segmentation ensures that when internet-facing computers are infected by a worm, these vital computers aren’t affected.

Keep All Software Up-to-Date
Make sure that software security updates are installed as promptly as possible, not months or years after their release dates. Cyberattackers have automated the process of scanning the internet to find vulnerable computers – those that fail to install security updates.
This was the case for WannaCry victims, as they failed to install the security update issued by Microsoft months before the WannaCry cyberattack.

Refrain from Using Legacy Hardware and Software
The term “legacy” refers to old and outdated computer hardware or software. Like computers that fail to install security updates in a timely manner, legacy hardware and software programs are targeted by cyberattackers because they no longer receive security updates from their vendors. Some versions of Microsoft Windows (the Windows XP, Windows 8, and Windows Server 2003 operating systems) were targeted by WannaCry attackers as well, because at the time of the attack these software programs were no longer supported by Microsoft. A day after the WannaCry attack, however, Microsoft released security updates for Windows XP, Windows 8, and Windows Server 2003.

Protecting computers or networks from worms and other malicious software is important in order to prevent data breaches. Under Canada’s Digital Privacy Act, starting November 1 this year, private organizations are mandated to notify the Privacy Commissioner of Canada and the affected individual “as soon as feasible” in the event that a data breach poses a “real risk of significant harm” to any individual. When you need help assessing and mitigating cybersecurity risks, contact our team of experts and minimize the likelihood of a data breach.
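The fourth infection path described in the Morris worm section, passwords tried in rapid succession until one is accepted, leaves a recognizable trace in authentication logs. The Python sketch below is an added example, not part of the original article: it flags a source that fails repeatedly within a short window and any later successful login from that source. The sshd-style log lines with ISO 8601 timestamps, the thresholds and the sample data are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: sshd-style auth lines with ISO 8601 timestamps (assumed format).
SAMPLE_LOG = """\
2024-11-02T03:14:01+00:00 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
2024-11-02T03:14:02+00:00 web1 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
2024-11-02T03:14:03+00:00 web1 sshd[813]: Failed password for backup from 203.0.113.7 port 40114 ssh2
2024-11-02T03:14:04+00:00 web1 sshd[814]: Failed password for alice from 198.51.100.20 port 52001 ssh2
2024-11-02T03:14:05+00:00 web1 sshd[815]: Failed password for backup from 203.0.113.7 port 40115 ssh2
2024-11-02T03:14:06+00:00 web1 sshd[816]: Failed password for backup from 203.0.113.7 port 40116 ssh2
2024-11-02T03:14:09+00:00 web1 sshd[817]: Accepted password for alice from 198.51.100.20 port 52002 ssh2
2024-11-02T03:14:11+00:00 web1 sshd[818]: Accepted password for backup from 203.0.113.7 port 40117 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def detect_guessing(log_text, max_failures=5, window=timedelta(seconds=60)):
    """Return (kind, source, user, time) alerts: 'guessing' when a source reaches
    max_failures failed logins inside window, then any success from that source."""
    recent = defaultdict(deque)  # source -> timestamps of failures still in the window
    flagged = set()              # sources already reported (kept for the whole run)
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m["ts"])
        src, user = m["src"], m["user"]
        if m["result"] == "Failed":
            q = recent[src]
            q.append(ts)
            while q and ts - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= max_failures and src not in flagged:
                flagged.add(src)
                alerts.append(("guessing", src, user, ts))
        elif src in flagged:  # a guess finally worked: treat the account as compromised
            alerts.append(("success_after_guessing", src, user, ts))
    return alerts

if __name__ == "__main__":
    for alert in detect_guessing(SAMPLE_LOG):
        print(alert)
```

A user who mistypes a password once and then logs in, like `alice` in the sample, stays below the threshold and raises no alert.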
Author: Steve E. Driz, I.S.P., ITCP
5/22/2023