2 Cybersecurity Challenges We Can Stop Talking About, and 2 We Can’t
Cybersecurity is a perpetually hot topic. At certain points, however, it becomes evident it’s time to stimulate new conversations about subjects that require more focus and cease discussing others.
Here are two examples of issues people can stop talking about, and two that need more discussion.
Time to Stop Talking About: Ultra-Basic Cybersecurity Challenges
Most people already know they should get anti-virus programs or understand their devices already contain built-in protections.
Similarly, email users typically know they shouldn’t regularly sift through their spam folders and find the “unbeatable offers” that land there. Rather, they should go into their spam folder only to ensure valuable content was flagged incorrectly.
Indeed, some people not used to technology might need brief reminders of super-basic cybersecurity concepts. In general, though, it’s better to devote time to more advanced issues.
Time to Stop Talking About: Whether Cybersecurity Tools are Worth the Investment
It’s past time for company boards to spend countless hours debating whether it’s worth the money to invest in cybersecurity strategies. That’s because the mindset often centers on the question, “How much of a return on investment would cybersecurity defenses generate?” The decision-makers at a company should recognize that such investments represent money saved.
Statistics indicate that the total costs of cybercrime will average $6 trillion per year through 2021. However, business leaders often overlook the costs beyond direct financial losses stemming from cybersecurity problems. For example, companies may deal with poor stakeholder perceptions, low employee morale or high turnover rates.
It’s often impossible to calculate the total costs of issues like those. As such, it’s no longer relevant for companies to engage in seemingly never-ending discussions to ponder whether it’s worth using funds for cybersecurity. Recent high-profile breaches highlight why the entities that choose not to spend money on cybersecurity are operating foolishly.
In case any businesses believed 2019 would be less prone to cybersecurity problems than the years before it, it’s crucial to realize that the first data breach of 2019 happened only hours after the year started. It involved information from approximately 30,000 civil servants in Australia, including work emails and phone numbers, plus job titles.
Keep the Conversation Going About: Phishing
Phishing attacks attempt to gain information from internet users, usually by sending them carefully created emails that appear as shipping confirmations, invoices or even alerts that people have won the lottery.
Although many people know some of the warning signs of phishing attempts by now, scammers don’t get discouraged. A report published in October 2018 showed a 297 percent increase in phishing attacks crafted as fake retailer websites that aim to steal information that individuals provide after falling for the tricks.
In addition, at the beginning of 2019, a cybersecurity researcher unveiled an automated penetration tool for phishing that could get into accounts protected by two-factor authentication. It allows hackers to collect the authentication tokens and establish legitimate sessions with them.
Phishing attacks are becoming more sophisticated. That’s why the conversation needs to continue.
Keep the Conversation Going About: Malware
Malware is not a new cybersecurity risk, but there are diverse and relatively new ways that people’s devices get exposed to it. A report from an internet security research firm published in January 2019 warns about malware showing up on some Alcatel phones out of the box due to a compromised weather app.
The malware attempted to initiate transactions that would have billed users for unauthorized services or calls. It also sent their information to servers in China.
Another Android-related issue centers on 13 driving games offered in the Google Play store that installed malware on the phones of more than 580,000 users. The app crashed upon launch, making people assume it had a bug. However, the game installed malware in the background, then deleted the associated application icon from the phone.
In late September 2018, news broke about a type of malware targeting freelancers. It appeared when people found some job postings on sites such as Freelancer.com and Fiverr and clients asked freelance workers to download attachments with details about potential jobs. When they did, keylogging malware was installed on the freelancers’ machines.
A study from McAfee Labs determined that new malware rose by 53 percent in the third quarter of 2018, suggesting people need to look out for emerging methods in 2019, too. The report highlighted cryptojacking and internet of things (IoT) malware as particular risks.
Discussions Must Continue
Although some cybersecurity topics—such as the two listed here—are irrelevant, others deserve ongoing attention because of the risks they pose. Regularly discussing these matters helps build awareness.
