In the United States, the month of October is no longer just for marking the arrival of Fall and celebrating Halloween – it’s now an occasion for improving cyber security awareness training and boosting overall cyber security resilience. For the 16th consecutive year, October is now National Cyber Security Awareness Month (NCSAM), and U.S. federal agencies such as the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA) are co-sponsoring a number of meetings, training sessions, cybersecurity careers events, and public awareness campaigns around the broad theme of cyber security awareness training.
The goal of National Cyber Security Awareness Month is to raise awareness about the importance of cyber security best practices, as well as actionable steps that individuals can take to make their homes and workplaces safer and more secure. It has the full support of the federal government, under the auspices of the Department of Homeland Security, and is specifically designed to create stronger links and collaboration between government and industry. At a time when hacker attacks against the nation’s critical infrastructure are an ongoing and ever-present threat, NCSAM 2019 is particularly relevant as a way for organizations to stay safe.
Lex Boost, CEO of Leaseweb USA, comments on the importance of recognizing NCSAM: “The perils of the internet continue to increase year after year, with cyber attacks becoming more frequent and more sophisticated. Large organizations, and even the federal government, have recently felt the sting of numerous attacks – illustrating the evolving and increasingly complex landscape we are living in. Cybersecurity Awareness Month is a great opportunity to raise awareness around the importance of taking cybersecurity measures to protect your business. While cybersecurity awareness month is only a month long, it is important to remember that cybersecurity awareness is an everyday job.”
The slogan for this year’s NCSAM is “Own IT. Secure IT. Protect IT.” The intention is for people to take greater personal responsibility for cyber security awareness training, in order to have a safe and secure online experience. In past years, the overarching message of NCSAM was “Our Shared Responsibility,” but this year, the emphasis has shifted to personal accountability.
For example, “Own IT” refers to all the steps that individuals can take to own their social media profiles, to make security top of mind, to become more aware of how the Internet of Things can impact cybersecurity, and to take greater interest in online privacy discussions. “Secure IT” refers to all the additional security measures – such as using stronger passwords and multi-factor authentication – that people can use to become more secure and to protect themselves from online hackers. Finally, “Protect IT” refers to all the steps that people can take to protect the digital home and digital workplace, such as by making Wi-Fi networks more secure.
Harold Sasaki, Senior Director of IT and TechOps at WhiteHat Security, suggests a few of the ways that individuals can put these ideas into practical use: “Only purchase online from well-known stores. Stores like Amazon, eBay, Walmart and Nordstrom spend a lot of money and resources to make sure your data is safe. Just because a store uses encryption does not mean that once they have your data that it is kept secure. Avoid smaller unknown sites that may or may not have the proper level of security for your data. Larger established companies also usually have a well-defined process for disputing purchases that may be fraud.”
In addition, says Sasaki, “Keep an eye on your credit card statements for unauthorized charges, even at stores you normally shop at. Use multi-factor authentication when possible. If a website or app allows for multi-factor authentication, the hassle is worth the extra level of security. This is usually in the form of a code that comes to your registered phone or email address. Keep social media content private. Unless you are a movie star, or these days a YouTube star, you should be careful about what personal data you post on social media. This is a common way that celebrities get hacked as passwords are often derived from pet’s names, favorite foods, or other personal information. Public personal data also increases your risk for identity theft.”
Taken together, all of these different elements of “Own IT. Secure IT. Protect IT” can be used by organizations to create a very effective and robust cyber security awareness training program to address common cyber threats. The reality is that, despite all the media buzz about hackers, cyber threats, and nefarious schemes to infiltrate corporate computer networks, most corporations are not doing enough when it comes to cyber security awareness training.
This fact is highlighted by a recent GetApp data security survey, which found that 43% of employees do not receive data security training on a regular basis. And, in fact, 8% of employees never receive any data security training at all. To help companies come up with an appropriate cyber security awareness training program, GetApp provides a number of recommendations to complement its survey findings. For example, GetApp recommends that organizations first send out a questionnaire or survey to employees, asking them to answer a few basic questions about their current security practices (e.g. how often they update their passwords) in order to get a basic understanding of the company’s current data security profile. Based on that, it will become much easier to arrive at the proper elements to include as part of any cyber security awareness training program.
Trevor Bidle, VP of Information Security and Compliance Officer, US Signal, has a few suggestions of how to transform key training lessons into actionable business steps: “On the 16th anniversary of National Cyber Security Awareness Month, it’s important to think about how your organization can work to prevent and mitigate cyber attacks. Many organizations are turning to managed service providers to help implement, monitor and maintain a mixture of cybersecurity technologies, including cloud-based firewalls, DDoS protection and email security. In addition, 97 percent of participating organizations scan and test for vulnerabilities within their web applications. The recent number of organizations that are experiencing cyber attacks is jarring. The survey brings to light that there is always room for improvement in keeping up with modern cyber threats. National Cyber Security Awareness Month is a great opportunity to remind companies of the need for more robust security tools and managed services to help resource-strapped technical teams year round.”
As GetApp points out, hackers are currently evolving their techniques and coming up with new approaches for getting access to a company’s sensitive data or personal information. The latest form of hacker attack is known as the social engineering attack. In many ways, it resembles the old “con game” of the analog era, in which a crime is only pulled off after gaining the confidence (“con”) of the victims.
Thus, in a social engineering attack, the goal is first to gather as much intelligence and data about an organization – how it is structured, who the top executives are, and how approvals are made for important corporate spending projects. From there, hackers will drill down into the type of data and information that they will need to carry out the attack. This might be as simple as scouring social media profiles or tapping into public records. In other cases, though, it might require the hacker reaching out via email, social media or even phone to “verify” certain details.
Once this has been done, the attack can be carried out. For example, one specialized form of the social engineering attack is known as “pretexting.” In this form of attack, the hacker poses as someone else – such as a top corporate executive or government official – in order to convince someone to approve a request, forward a certain document, or hand over login credentials.
The reason why these attacks are so successful, says GetApp, is that they tend to exploit human nature. Most people, by their very nature, are trusting and willing to help. Thus, when they get a request from someone claiming to be an authority figure, their first inclination is to help out – and this is exactly the weakness that hackers will exploit to achieve their end goal. Once this weakness has been found, that can set the stage for a malware infection or phishing attacks.
Thus, one building block of any cyber security awareness training program needs to be awareness of how to deal with these social engineering attacks. And yet, by and large, most companies currently allocate little or no resources to this problem. According to GetApp, only slightly more than one in four companies (27%) provide any type of social engineering-related cyber security awareness training.
Clearly, there is much more that companies can be doing to protect their vital, mission-critical information and the personal information of their customers. While the problem can seem daunting, the good news is that cyber security awareness training is going mainstream. And, with month-long events like National Cyber Security Awareness Month (NCSAM), small and mid-sized businesses can finally get the help and assistance they need to be prepared for any cyber threat scenario.
15 Nov, 2019