Happy October and welcome to National Cyber Security Awareness Month. On the heels of some very high-profile and disturbing data breaches, the timing is better than ever.
Every year, the Department of Homeland Security designates October as National Cyber Security Awareness Month. This is an annual campaign designed to raise awareness of the topic. The goal is to make everyone, from private citizens to corporate citizens, more aware of cyber security threats and better prepared to protect themselves and their companies.
This year comes on the heels of major data breach announcements from Equifax, Deloitte and the Securities and Exchange Commission. 2016 had shaped up to be the worst year, to date, for cyber security incidents. With all the news coverage and focus on educating users to be safer, one would have hoped 2017 would be better, but it’s not looking that way. This year may very well own the unflattering distinction of being the worst year for cyber security incidents on record.
Over the last couple of weeks we have been inundated with news of high-profile attacks. The hack of Equifax, one of the nation’s three credit bureaus, is by far the worst on record. This hack exposed personal information for more than 143 million consumers. What’s so troubling about this hack is that this company and the other two major credit bureaus maintain a bevy of highly confidential financial and personal data on the individuals in their databases. A person does not need to be an actual customer of a credit bureau to have been exposed, because these companies assemble this information on all consumers based on their credit activity. Equifax’s response to this hack has not been handled well, resulting in the “retirement” of several senior executives, including the CEO.
In the case of the Deloitte breach, the firm has confirmed that confidential documents and emails were stolen from the corporate network. The hack was accomplished by obtaining an administrative username and password that had privileged access to the entire network. The lack of two-factor authentication allowed the hackers to access the network with just the username and password. This is such an easy attack vector to counter. Two-factor authentication is the norm for privileged access. Google, Microsoft and most social media networks, among others, offer two-factor authentication support, so there really is no excuse for not using it.
The SEC hack disclosed that hackers accessed the electronic system known as EDGAR, which stores information related to public company filings. It is thought that the hackers then used the information to trade on the public stock exchanges, profiting from this information. Just this week, the chairman of the SEC informed Congress that the agency does not yet know the full extent of this hack.
With all this, and more, as a backdrop, this year’s National Cyber Security Month is focusing on the following themes:
Simple steps to online safety: This will focus on helping consumers understand the threats and how to protect themselves, including what to do if they become a victim of cyber-crime.
Cyber security in the workplace is everyone’s business: The focus here will be on enhancing corporate cultures of cyber security, how to educate employees and the use of the National Institute of Standards and Technology Cybersecurity Framework to protect your company.
Today’s predictions for tomorrow’s internet: This will focus on smart technology and what is known as the Internet of Things (IoT) and the importance of safeguarding their use in our homes and society at large.
The internet wants you: Consider a career in cybersecurity: Most schools today focus on software coding when it comes to technology career tracks. Cybersecurity represents a massive career opportunity for those seeking a meaningful role safeguarding our national economy. It’s critical that we educate our middle and high schoolers on this need and opportunity.
Protecting critical infrastructure from cyber threats: I’m sure you have seen or read news stories on the risks to our financial networks, power grid and other public utilities. Consider the catastrophe unfolding in Puerto Rico right now from Hurricane Maria. Resiliency of our critical infrastructure is more important than ever, in the face of changing weather patterns and the persistent cybersecurity threat.
I will blog more about each of these themes as they roll out over the course of October. I encourage you to read more about each theme on my blog at mjshoer.com and educate yourself further about the evolving cybersecurity threats and what you can do to protect yourself personally and professionally. Stay safe online!