October 01, 2020
National Cyber Security Awareness Month (NCSAM) reminds us to renew our commitments to protecting our company, clients, and each other from ever-evolving security threats. The digital world continues to expand in scale and complexity, and with COVID-19 we’re spending even more time connected to digital environments. By expanding our digital footprint, we give bad actors more opportunities to attack, exposing our customers and ourselves to additional risks.
It’s tempting to focus on the novel – whether it’s the latest malware threat or activities of criminal networks and State actors. While these stories drive headlines, unless your job includes threat detection or cybercrime investigation, your greatest contribution will be to focus on awareness and protection.
According to the latest “Verizon Data Breach Investigations Report,” the two most common threats investigated were phishing (social engineering) and stolen credentials (hacking). Additionally, most of the data compromised in phishing breaches was credentials. This connects the two threat vectors and shows that the majority of breaches target information or credentials from internal users, which directly or indirectly leads to a breach and loss of data.
What this means is that we ALL have a responsibility to counter these threats—regardless of our level of security knowledge or technical expertise. The key lesson from the Verizon report is that our efforts to maintain awareness and practice good security hygiene have the highest potential to disrupt bad actors and thwart their attacks. In practice, if you get an odd email from the CEO—think twice and notify your IT department. Guard your credentials and access—no legitimate business or IT department will ask for your access credentials. A recent Dark Reading article points to good hygiene practices while working from home.
Our success in protecting our own and our customers’ assets and data depends on everyone doing their part—not just our security-credentialed staff. Stay aware, stay focused, and call out odd behavior—this will drive a culture that protects our agencies, companies, and each other from attacks.