Security: Making yourself a hard target for hackers is easier than you think

Teaching staff even the most basic cyber security techniques can help protect them in the workplace – and at home.
We seem to be in the grip of a data breach epidemic. Whether it’s big businesses falling victim to cyber espionage campaigns, workers foolishly handing over their credentials in reply to phishing emails from fraudsters, or just consumers getting their PCs infected with malware, there are security threats everywhere.
But the reality is that it doesn’t have to be this way: with a few simple precautions, businesses and consumers can do a lot to secure their accounts and data.
Strong passwords, two factor authentication, anti-virus and backups are just some of the simple things users can employ to protect themselves from cyber attacks – yet breaches and cyber attacks show that some of the most basic advice is often not followed.
“We pretend this is the most complicated thing in the world and yet strong passwords, backing up your data, updating your security software: security isn’t that difficult,” said Raj Samani, Chief Scientist at McAfee.
The UK’s National Health Service was one of the most high-profile victims of May’s global WannaCry ransomware virus outbreak, with a significant proportion of hospitals taken offline – some of which didn’t have systems restored for weeks.
An investigation following the incident found that NHS Trusts had been warned to apply critical patches to prevent systems being exposed to the EternalBlue Windows vulnerability which powered WannaCry, but that many failed to do so. Of course, nobody knew that WannaCry would hit just a month after the warnings, but failing to patch systems left many organisations open to attack.
“If I’d come to you in April and said there’s going to be a massive worm, it’s going to be infecting with ransomware, how do you protect yourself against it? Everyone knows how to protect against that,” said Samani, referring to how patches would have been prioritised.
“I understand there are business pressures which are that patching and updating systems isn’t necessarily simple to do, but yet we all know how to have prevented these attacks, so let’s not over-complicate the issue,” said Samani.

Making security your problem
What can potentially help is to personalise the issue: it’s all very well telling users that they should follow a particular company policy in order to ensure security, but in many cases, if the user doesn’t understand why they have to follow a particular rule, they probably won’t do it.
Explaining what threats could be waiting online and how to protect against them can go a long way towards boosting enterprise security.
“Someone going into a work event and learning about why it’s important to have a strong password on their email or why not to transfer money when booking a holiday, all these best practices they learn for themselves become second nature in the business,” said Sarah Martinez, communications director for Get Safe Online, an organisation which provides information and advice on online safety.
And while some might expect digital-native technically-savvy younger people will bring better security awareness with them as they become a bigger part of the workforce, research by Get Safe Online suggests it’s people aged 18-24 who are most likely to fall victim to phishing attacks.
The organisation recently ran a ‘training academy’ in which it taught grandparents the skills they needed to carry out phishing tests on their grandchildren – and by using just simple techniques many of the targets fell for it.
While it wasn’t a real cyber criminal on the other end of the email exchange, it demonstrates how easy it can be to fall for a cyber attack, especially if basic security principles aren’t adhered to.
“It was cheeky, but the idea was to demonstrate we can’t be complacent and think we’re not at risk. This was easy, it was first-page Google search tech which we showed 65 year olds,” said Martinez.
This ‘Scammer Nanas’ experiment demonstrated two things: firstly, how easy it is to fall victim to online attacks, and secondly, how people with only the most basic training – even if it is cribbed from an online search – are capable of luring victims.
And while the premise of using grandparents as attackers might seem far-fetched, thanks to the rise of cybercrime-as-a-service, almost anyone who wants to dip their toes into hacking and cyber crime has the option to do so, even if they lack the skills.
“The challenge we have now is that my 12-year old daughter could launch a ransomware campaign,” said Samani. “The technical barriers required to become a criminal working in the digital world has actually lowered”.
“That’s the challenge; we want to make it difficult from an ROI perspective, but the economy has made it so much simpler to do this,” he added.
The theory is that ensuring even the most basic cyber security procedures are adhered to would not only help to protect individuals and organisations against attacks, but that even simple barriers could prove enough to stop some cyber criminals from conducting malicious activities, because the time and effort required to conduct the attacks is no longer worth it.
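Beyond the familiar external threats to information security, such as malicious hackers, commercial espionage and natural disasters, the most significant threats come from within: first of all, employees have weak awareness of network and information security and lack knowledge of information security and confidentiality, which in turn leaves our defensive capability low.
With the rapid development of network technology, network security has become increasingly important, and some sudden network and information security incidents have had a huge impact on the country, society and our organisations. Training and educating employees to detect, report and respond to security emergencies promptly therefore remains one of the key issues we focus on.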
