In our always-connected world where the private information of individuals and organizations is vulnerable to exposure and misuse, cybersecurity is everyone’s responsibility because hackers or malicious threat actors who steal proprietary information don’t care about age, gender, race, culture, beliefs, or nationality. They probe your digital footprint and your Internet-connected computers based on opportunity, often seeking financial gain.
Hackers take advantage of trusting individuals
Targeting Humans – People are the number one target and cause of cybersecurity failures because most of them are trusting individuals who want to help, or contribute, as part of human nature and their jobs. Hackers and malicious insiders take advantage of that trust by appearing to make legitimate business requests from bosses or sharing social items of a more personalized nature. They’re counting on peoples’ curiosity and willingness to cooperate to get them to “click on the link” in a business or personal email.
Targeting humans as the primary cause of breaches
One single click on a malicious link, however, can download malware onto your computer that can immediately lock up data in a “ransomware” attack, and oftentimes, you have to send money to regain access. Or, the downloaded malware can, unbeknown to the user, begin instantly collecting information aimed at gaining credentials and passwords for exploiting later. While many of these actions by humans are accidental or not intended to be harmful, the result can cause considerable damage to themselves, their family, their co-workers, their company, and their community.
Hackers want to steal your identity and credentials
As the use of the Internet and social media have grown, hackers and cybercriminals have changed the techniques they use to target people. Email continues to be the number one weapon of choice, followed by infected websites, social media scams, and stealing digital identities and passwords.
Recent research shows that up to 80 percent of all data breaches involve compromising an employee’s credentials. In one survey, hackers claim that stealing an employee’s password is the fastest (and most preferred) way to breach and bypass a company’s cybersecurity controls.
Cybercriminals will spend up to 90 percent of their time performing reconnaissance
As you connect to online services to get the latest news, shop for the best deals, chat with friends, stream music and videos, and conduct banking transactions, you quickly become a target of cybercriminals. Using social media, for example, you typically share a lot of personal identifiable information about your physical and digital identities. This info includes full name, home address, telephone numbers, IP address, biometric details, location details, date of birth, birthplace, and info on other family members. Cybercriminals know this and can spend up to 90 percent of their time performing reconnaissance by using online social media sources to apply advanced search techniques and specialized search engine parameters to uncover confidential information from companies and individuals that doesn’t typically show up during normal web searches.
Hackers are specifically looking to steal your username and password credentials so they can access your information and impersonate as you. And, when your identity is stolen, an attacker can easily bypass the traditional technical security perimeter controls without being detected. Once inside the computer network, cybercriminals can carry out malicious attacks or access and steal confidential information by posing as a legitimate user.
Your work and personal info are all linked in cyberspace
The protection of information related to both your work and personal life can no longer be separated. The frequent and pervasive use of social media networks, working from home or when traveling, and the Internet of Things (IoT) connecting all kinds of household devices means that cybersecurity is no longer just the responsibility of your company IT department.
Protection of information related to your work and personal life cannot be separated
A compromised personal account can easily lead a hacker to discover enough information about you to make hacking your business email so much easier. As the line between business and personal Internet use continues to blur, every employee must contribute in protecting information assets at work and at home.
Standing on the Frontline
Many folks at work and home suffer from cyber fatigue, which describes the frustration experienced in juggling scores of online accounts with multiple passwords needed to gain access to the information you use daily or hourly. In some cases, individuals feel so frustrated that they give up trying to manage things safely and default to using the same passwords for multiple accounts, sharing passwords with family members, and logging in to the Internet using their social media accounts. You are the frontline in the battle to keep information secure. Attacks rely on your goodwill and trust to succeed, so you must become more personally responsible in how you manage your information, and this can be tiring.
To overcome cyber fatigue (or to avoid it all together), I suggest following these tips:
- Simplify your logon experience by using a password manager to reduce the pain of selecting long complex passwords, remembering too many passwords, and choosing unique passwords for each account. A password manager will do this for you.
- Set your programs, applications, and security software to automatically update so you don’t have to do it manually. One of the most important steps in cybersecurity is staying up to date, and enabling auto updates helps you so you don’t have to worry about getting the latest security patches.
- Schedule data backups to ensure that when bad things happen you always have a solid backup to get back on track and not get stressed out about losing important data.
- Stay educated on the latest security trends so you know what’s important and can help avoid information overload about not knowing what’s happening in cyberspace.
This is a Security Bloggers Network syndicated blog post authored by Joseph Carson. Read the original post at: Thycotic