(Image: Wk1003mike via Shutterstock)
4.57 billion people are online, communicating with each other and with multiple institutions daily. This ties us together through a common language that we all share: networking protocols, the rules that govern how network devices communicate and how they connect to each other.
The social media platforms that tie us together are well understood by their 3.6 billion users. More than half of the world now uses social media, and of those users, 346 million have come online within the last 12 months.
But how many of us understand how cybersecurity ties us all together, and the negative impact it can have on our lives as professionals? People inside an organization are a frequent cause of data breaches, both through negligence and through malicious intent.
Employees and contractors are the number one cause of data breaches, and 56% of security professionals say insider threats are on the rise, according to a Haystax survey. The Equifax breach in September 2017, which exposed the sensitive data of nearly 146 million Americans, was caused by a single employee's mistake, according to testimony to Congress.
It's hard to believe that one careless person could cause so much damage, but the Equifax case proves it. If companies truly grasp these threats, then why, according to Experian, do only 45% of companies have mandatory cybersecurity training for their employees?
Law #1: If There Is a Vulnerability, It Will Be Exploited
Here is a quote from an ex-hacker. “People fail to realize what their data is worth to someone else, period. And to be honest here, social engineering never, ever seems to fail. You can have 10 firewalls sitting around your data and have a DMZ (demilitarized zone) inside the DMZ, but all it takes is for a person to offhandedly mention an IP address you can use or a password for a device that allows you to get onto another device and then get to that database that holds the information you want to access. The way I see it, educating people is the ONLY way to go.
Teach people how to write good code. Teach them how to recognize corrupt code. Teach them to keep their egos in check and not just broadcast information about secure data to others, because that exposes them to social engineering risks. Education and more education is the key.”
Law #2: Everything Is Vulnerable
We cannot assume that any of our systems are safe. Massive breaches happen annually, costing companies billions of dollars. In 2019 there were 1.4 million breaches that exposed over 164 million records. The largest data breach to date before 2020 was uncovered in 2016, when the online platform Yahoo announced that hackers had stolen user information associated with at least 1 billion accounts in 2013. Another Yahoo hack was uncovered only a few months earlier, revealing 500 million compromised data records.
Law #3: Humans Trust Information
In 2016, Snapchat said it was “just impossibly sorry” for a data breach that exposed the payroll information of some 700 current and former employees. How did this happen? An attacker pretended to be the social media company's CEO, Evan Spiegel, and fooled an employee into emailing him the information. The employee trusted the apparent identity of the sender instead of verifying the request. We need to adopt a zero trust policy.
Law #4: With Innovation Comes Opportunity For Exploitation
In 2016, malware known as Mirai infected millions of IoT devices and then weaponized them against targets, creating some of the largest bandwidth-consuming attacks the world has seen. Mirai was later revealed to have been used in the DDoS attacks against Rutgers University from 2014 to 2016, which left faculty and students on campus unable to reach the outside Internet for several days at a time.
We cannot forget the lesson of Law #4: as technology continues to advance, so must our defenses.
What Can Companies Do to Protect Themselves?
Cybersecurity must be a priority. Organizations must develop security protocols that focus on securing their networks, applications, and devices.
Stay current. Be aware of compliance requirements and industry standards. Understand what is happening in cybersecurity globally and take immediate action.
Have experts as your partner. Threatrix can accurately detect all of the open source in your code, binaries, build dependencies, and copy-and-pasted code. It gives your developers pinpoint accuracy in attributing their open-source snippets, with extensible role-based access control providing granular access to your most sensitive data. We provide a wide range of DevOps, workflow, data management, and developer integrations. Allow us to understand your needs and meet your open-source security goals.