5 Questions to Ask Yourself To Test Your Cybersecurity Knowledge

October is Cybersecurity Month.  I’m not sure if everyone knows this, or if only people in the technology business are aware.  I’m not a big consumer of traditional media, so maybe it has been in the news and you all know.  The real question might be, if we do know, do we care?

What exactly do we do for Cybersecurity Month?  Send flowers and chocolate to our favorite hacker, or maybe to our tech person, who has kept our risk low?  This is one of those holidays that makes you wonder who started it.  We can’t blame it on the retailers or Hallmark, because I don’t really think they benefit!  Maybe there is a cybersecurity card… or maybe the next Hallmark movie will be The Beauty and the Hacker… probably not. 

Since it is Cybersecurity Month, let’s pick up the torch and take the opportunity to brush up on our cybersecurity knowledge, because knowledge is power, right?  Can you answer these questions?

1. What is the single most dangerous type of cyber attack out there?  You may have already guessed it: ransomware.  Ransomware most often arrives by email, but exposed remote-access services such as RDP with weak passwords and unpatched systems are common entry points too.  Someone in your organization clicks a link or opens an attachment, and suddenly you have a problem: your files are encrypted and you can't access them without paying a ransom.  Antivirus frequently misses new variants, and the infection often goes unrecognized until it has locked up some very important files on the network.  How do you recover?  This is the best test of your backup system available, and it is a high-stakes test.  If you can recover from backup, you do that.  Keep in mind that ransomware operators routinely look for and encrypt or delete any backup they can reach, so at least one copy must be offline or otherwise write-protected, and a restore must be rehearsed before you need it.  If you can't recover, many pay the ransom, which just keeps the hackers at it, and payment does not guarantee a working decryptor.  There are documented cases of ransoms ranging from $300 to $300,000 and more.  What is the best method of prevention?  A cybersecurity awareness training and testing program that is consistent and enforced, backed by patching, MFA and tested backups.  If people don't click, most ransomware never activates.
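The point above is that a backup is only as good as the restore you have rehearsed. The following is an added example, not code from the original post: a minimal restore drill that takes a SHA-256 manifest of a folder while the data is known-good, makes a backup copy, simulates a ransomware run that overwrites and renames the originals, restores from the copy, and verifies the result against the manifest. The folder contents and the attacker behaviour are constructed for the demo; only the Python standard library is used.

```python
"""Added example (not from the original post): a minimal backup restore drill.

Constructed scenario: a folder of files is backed up, ransomware then
overwrites and renames the originals, and the backup copy is restored and
verified against a hash manifest taken before the incident.
"""
import os
import hashlib
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Map every file under root (POSIX-style relative path) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hash_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_against_manifest(root: Path, manifest: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare a directory tree with a manifest.

    Reports files that are missing, whose content changed, or that appeared
    without being in the manifest. Ransomware typically leaves renamed,
    encrypted copies behind, so 'unexpected' is as telling as 'missing'.
    """
    current = build_manifest(root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "changed": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "unexpected": sorted(set(current) - set(manifest)),
    }


def simulate_ransomware(root: Path) -> None:
    """Constructed attacker behaviour: overwrite each file with random bytes, then rename it."""
    for p in sorted(root.rglob("*")):  # sorted() materialises the list before we rename
        if p.is_file():
            p.write_bytes(os.urandom(len(p.read_bytes()) + 16))
            p.rename(p.with_suffix(p.suffix + ".locked"))


def restore_test() -> Tuple[Dict[str, List[str]], Dict[str, List[str]]]:
    """Full drill: snapshot, back up, get hit, restore, verify.

    Returns (report_after_attack, report_after_restore). A sound backup gives
    three empty lists in the second report.
    """
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "share"
        backup = Path(tmp) / "backup"
        restored = Path(tmp) / "restored"

        # Constructed sample data standing in for the "very important files".
        (live / "finance").mkdir(parents=True)
        (live / "finance" / "q3.xlsx").write_bytes(b"quarterly numbers")
        (live / "contracts.docx").write_bytes(b"signed agreement")

        manifest = build_manifest(live)   # taken while the data is known-good
        shutil.copytree(live, backup)     # the backup job (an offline copy in real life)

        simulate_ransomware(live)
        after_attack = verify_against_manifest(live, manifest)

        shutil.copytree(backup, restored)  # the restore
        after_restore = verify_against_manifest(restored, manifest)
        return after_attack, after_restore


if __name__ == "__main__":
    attack, restore = restore_test()
    print("after attack :", attack)
    print("after restore:", restore)
```

The manifest is the piece most shops skip: without a record of what the files looked like before the incident, a restore can quietly bring back data that was already encrypted or tampered with. Store the manifest with the offline copy, not on the share it describes.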

2. Can you think of a close second type of threat?  Yes, it is phishing, though it is a bit more complicated than that.  What the attacker does once they have captured your login and password is really the dangerous part.  To illustrate, let's consider an incident that occurred with Caterpillar.  In this case, the CFO of one of their companies fell prey to a phishing scam.  He clicked on the link, which led to a look-alike Office 365 login page.  He dutifully entered his credentials, and the phishing site captured them.  The attacker behind the site then used the CFO's own mailbox to submit invoices for payment to the company's accounts payable (AP) staff.  AP paid those invoices, since the requests came from the CFO's real account, and transferred over 11 million dollars to the attacker.  This pattern, where a compromised but legitimate mailbox is used to authorize payments, is known as business email compromise (BEC).  How do you recover?  In most cases you don't.  The money is quickly moved into an offshore account and bounced through several more to frustrate tracing, so the only realistic chance is to contact your bank and law enforcement within hours of the transfer.  What's the best method of prevention?  Once again, education, but also MFA, or multi-factor authentication.  This requires a second factor, such as a code from an authenticator app, a push approval, or a hardware security key, whenever you sign in to email over the web or from a new device.  With MFA in place, the captured login and password alone would not have got the attacker into the CFO's mailbox.  One caveat: a phishing site that relays the victim's one-time code in real time, or that steals the signed-in session cookie, can still get through, which is why phishing-resistant methods such as FIDO2 security keys are preferred for high-value accounts, and why a call to a known phone number before paying an unusual invoice matters regardless of MFA.
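To make the MFA argument above concrete, here is an added example, not code from the original post or from any vendor: a toy identity provider that checks a salted password hash and then a TOTP code (RFC 6238, HMAC-SHA1, 30-second steps, six digits), with the phished login replayed four ways: password only, password plus a guessed code, password plus a code relayed within the time window, and the same code relayed after it expired. The user name, password and secrets are constructed for the demo; only the Python standard library is used.

```python
"""Added example (not from the original post): the phished sign-in replayed
against a toy identity provider that enforces a TOTP second factor.

Shows why a captured password alone should fail, and where MFA still falls
short (a phishing kit that relays the live code inside the 30-second window).
"""
import hashlib
import hmac
import secrets
import struct
from typing import Dict, Optional, Tuple


def totp(secret: bytes, unix_time: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code: HMAC-SHA1 over the time-step counter, dynamically truncated."""
    counter = int(unix_time // step)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class LoginService:
    """Toy identity provider: salted password hash plus a TOTP second factor."""

    def __init__(self) -> None:
        # user -> (salt, password hash, TOTP secret)
        self._users: Dict[str, Tuple[bytes, bytes, bytes]] = {}

    def enroll(self, user: str, password: str) -> bytes:
        salt = secrets.token_bytes(16)
        pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
        totp_secret = secrets.token_bytes(20)
        self._users[user] = (salt, pw_hash, totp_secret)
        return totp_secret  # in real life, provisioned to the user's authenticator app

    def login(self, user: str, password: str, code: Optional[str], now: float) -> bool:
        if user not in self._users:
            return False
        salt, pw_hash, totp_secret = self._users[user]
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
        if not hmac.compare_digest(candidate, pw_hash):
            return False
        if code is None:
            return False  # the password alone never signs in
        # Accept the current 30-second step and the previous one to tolerate clock skew.
        expected = {totp(totp_secret, now - 30 * k) for k in (0, 1)}
        return any(hmac.compare_digest(code, e) for e in expected)


def phishing_replay() -> Dict[str, bool]:
    """Replay the incident in four variants; returns whether each sign-in succeeded."""
    idp = LoginService()
    secret = idp.enroll("cfo", "Correct-Horse-42")  # constructed credentials

    t0 = 1_700_000_010.0                    # chosen so t0 and t0 + 20 share one TOTP step
    captured_password = "Correct-Horse-42"  # what the phishing page harvested
    live_code = totp(secret, t0)            # what a real-time relay kit also harvests
    # A guess guaranteed not to match either code the server accepts at t0.
    wrong_code = next(
        c for c in ("000000", "111111", "222222")
        if c not in {totp(secret, t0), totp(secret, t0 - 30)}
    )
    return {
        "password_only": idp.login("cfo", captured_password, None, t0),
        "password_plus_guess": idp.login("cfo", captured_password, wrong_code, t0),
        "relayed_within_window": idp.login("cfo", captured_password, live_code, t0 + 20),
        "relayed_after_expiry": idp.login("cfo", captured_password, live_code, t0 + 120),
    }


if __name__ == "__main__":
    for scenario, ok in phishing_replay().items():
        print(f"{scenario:24s} -> {'SIGNED IN' if ok else 'rejected'}")
```

The third scenario is the one to notice: a code-based second factor defeats the replay of a stolen password, but not a phishing page that forwards the victim's code to the real login within the same half-minute. That is the gap that origin-bound methods such as FIDO2 security keys close, and that an out-of-band check on payment requests covers when the mailbox itself is already compromised.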

3. What is the most overlooked simple safeguard against being hacked?  There could be several answers here, but the simplest of them is good password hygiene.  Do you have a password policy on your network?  Current guidance (NIST SP 800-63B) favors length and a breached-password screen over mandatory special characters and scheduled changes: require a minimum of 12 characters or more, reject any password that appears in a list of known breached passwords, lock out or throttle the account after a handful of failed attempts, and force a change when a password is known or suspected to be compromised rather than on a 120-day calendar, because scheduled rotation pushes people toward predictable variants of the old password.  Even on websites or software that does not enforce a strong password, choose to use one anyway, ideally generated and stored by a password manager.  And the longer the better: over the 95 printable ASCII characters, moving from an 8-character password to a 12-character one multiplies the brute-force search space by 95 to the fourth power, roughly 81 million times.
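Here is an added example, not code from the original post, of a password check built on the guidance above: length first, a screen against a breached-password list, a few structural checks, and no composition rules. It also works out the brute-force search space so the 8-versus-12-character comparison can be seen rather than asserted. The breached list is a tiny constructed stand-in for the real multi-billion-entry lists, and the guess rate is an assumed figure for an offline cracking rig.

```python
"""Added example (not from the original post): a length-first password policy
check in the spirit of NIST SP 800-63B, plus brute-force search-space math.
"""
import math
from typing import List

# Assumed guess rate for an offline GPU rig against a fast hash; constructed figure.
GUESSES_PER_SECOND = 1e10

# Constructed stand-in for a breached-password list (real lists are far larger).
BREACHED = {"password", "123456", "qwerty123", "letmein", "summer2023", "welcome1"}


def charset_size(password: str) -> int:
    """Size of the smallest standard alphabet that covers the password's characters."""
    classes = (
        (any(c.islower() for c in password), 26),
        (any(c.isupper() for c in password), 26),
        (any(c.isdigit() for c in password), 10),
        (any(not c.isalnum() for c in password), 33),  # punctuation and space
    )
    return sum(size for present, size in classes if present)


def search_space_bits(password: str) -> float:
    """log2 of the brute-force search space, alphabet ** length."""
    return len(password) * math.log2(charset_size(password))


def years_to_exhaust(password: str, guesses_per_second: float = GUESSES_PER_SECOND) -> float:
    """Years needed to try every password of this alphabet and length."""
    return charset_size(password) ** len(password) / guesses_per_second / (365 * 24 * 3600)


def length_gain(old_len: int, new_len: int, alphabet: int = 95) -> int:
    """Factor by which the search space grows when length goes from old_len to new_len."""
    return alphabet ** (new_len - old_len)


def _is_sequential(password: str) -> bool:
    """True for runs like 'abcdefgh' or '87654321' (constant step of +1 or -1)."""
    diffs = {ord(b) - ord(a) for a, b in zip(password, password[1:])}
    return len(password) >= 4 and diffs in ({1}, {-1})


def check_password(password: str, min_length: int = 12) -> List[str]:
    """Return the list of policy problems; an empty list means the password is acceptable."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if password.lower() in BREACHED:
        problems.append("appears in a breached-password list")
    if len(set(password)) <= 2:
        problems.append("made of one or two repeated characters")
    if _is_sequential(password):
        problems.append("is an alphabet or number sequence")
    return problems


if __name__ == "__main__":
    for pw in ("Summer2023", "abcdefghijklmn", "correct horse battery staple"):
        print(f"{pw!r}: {check_password(pw) or 'ok'}, "
              f"{search_space_bits(pw):.0f} bits, {years_to_exhaust(pw):.2e} years")
    print("8 -> 12 characters multiplies the search space by", length_gain(8, 12))
```

Note what the checker does not do: it never demands a digit or a symbol. A breached-password screen catches the passwords attackers actually try first, and length does the rest; composition rules mostly produce "Summer2023!" instead of "Summer2023".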

4. Who are the hackers targeting?  I'm hoping we have all said out loud, in unison, "Everyone", but it still seems like too many of us default to an answer like, "big companies or big players with something to lose".  The reality is that the hacker is rarely like a sniper out there picking out a company and then trying to hack in.  More commonly, the hacker is like a rebel force planting bombs or IEDs that will take advantage of anyone who accidentally triggers them.  By broadcasting viruses, spyware, malware, and phishing emails everywhere, they make everyone a target.  All it takes is that one misstep to trigger a big problem for our organization.  Say it with me, "EVERYONE is a target."

5. What is the best security strategy?  This is a bit of a trick question, because it is not just one thing.  Like securing a home in a risky neighborhood, to be secure you need lots of things in place, and even then someone might break in, so you also need to know how to respond.  You may have put lots of safeguards in place already, but how can you know that you are succeeding at security?

The next step might just be a security assessment.  An assessment will include an analysis of your workflow and critical data, an internal vulnerability scan, an external vulnerability scan, and possibly even measurement against a security framework such as the NIST Cybersecurity Framework, HIPAA, or ISO 27001.  Just like a disaster recovery strategy, you don't really know how good your security is until you test it.

Cybersecurity Month, formally National Cybersecurity Awareness Month, was created by the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security (DHS) in October 2004.  The goal is to raise everyone's awareness and hopefully prevent cyber crime.

Happy Cybersecurity Month!