Most, if not all of us live a digital life. Our daily interactions illustrate a life of email, status updates, online banking and FitBit challenges. We participate in social networks, conduct business, share and store information and manage the most intimate details about ourselves online. We trust this information to Facebook, Google, healthcare facilities, governmental institutions and various application providers around the globe.
The information we share, our data, is stored on our personal devices (phones/computers) and on organizational devices (servers) in other geographic locations (cloud). We trust that our data is secured and that corporations are using reasonable means to protect the confidentiality, integrity and availability of our information. Your data carries a high value, and these institutions rely on your trust to hold your information.
Keeping this information and infrastructure safe is often referred to as Cybersecurity. Cybersecurity is short for Cyberspace Security. Cyberspace, a term made popular in William Gibson’s excellent novel Neuromancer (1984), is the world of all connected devices, technologies, applications, knowledge and systems that exist online.
Your mobile device lives in cyberspace. Facebook lives in cyberspace. We play games and bank in cyberspace. Many of us build and maintain personal relationships in cyberspace. Most transactions that we participate in exist in cyberspace. This means that most (if not all) of your data exists in cyberspace.
Cyberspace Security, or Cybersecurity, concerns itself with securing the infrastructure, devices, technologies and (your) data from bad actors. Bad actors (cyber criminals) include people or technologies that attempt to profit from exploiting a system or its data. They attempt to open a door into a system/network silently (via tools and technology) or people (social engineering) to gain access to trade secrets, and personal information.
Whether leveraging technology or human behavior, the cybercriminal is attempting to exploit a system for information. The cybercriminal is looking for information that can be bought and sold on the dark web. This information includes, social security numbers, credit card numbers, health care records, trade secrets, intellectual property or even photos. In some cases, they are looking for information that could be used to initiate a wire transfer on your behalf or trick a target out of money. In a lot of cases, information is gathered and assembled to conduct a much larger and coordinated attack against people, families or organizations.
Think of the dark web (or deep web) as another form of the internet. In fact, the dark web operates much like the web you use every day – it just tends to be filled with criminal activity. There are some caveats to this, but not many. You don’t want your information on the dark web, nor do I recommend that you snoop around the dark web looking for it. If you have concerns in this area – contact a trusted cybersecurity professional that has experience in this arena.
Exploiting a system or its data is often referred to as hacking. The Russians, Chinese and North Koreans are all hacking – hacking our elections, our power grids, corporations and even our personal and private lives. The US is hacking countries and entities, and sometimes, even their own citizens. Hackers are not just state actors, they also include individuals from all walks of life, all over the world. Hackers that primarily focus on stealing information or taking systems offline are known as ‘Black Hat’ or, unethical hackers. Hackers are looking for any open door – whether it be physical or logical (digital). As cybersecurity professionals, we attempt to lock these digital doors and prevent unauthorized access.
From a technical perspective, cybersecurity professionals take defensive steps to protect data and systems with hardware and software. Hardware and software designed to block known threats, fix/identify vulnerabilities and monitor for abnormalities or behavioral changes that could lead to a breach (unauthorized access).
From a non-technical perspective, there are other real threats that exist to you, me and/or your business or employer. Cybercriminals are aware that we use technical controls to protect data and information, so they pivot and change their strategy. As mentioned above, many hackers or cybercriminals resort to conducting social engineering attacks.
Social engineers harvest readily available information about you from social networks, news and corporate websites to develop a believable strategy to separate you from your money and information. These attacks take many different forms and you have probably heard of a few. A few social engineering attacks include phishing attacks (believable emails), vishing attacks (fake tech support calls) and impersonation attacks. Sometimes they are after your bank or PayPal account. Other times, they want to better understand who you are, your role at your organization or your relationship to someone or something. Social engineering attacks are very successful and take advantage of human behavior – the good and the bad.
In cybersecurity, the landscape is always changing and evolving. Whether realized or not, most of us are engaging in cybersecurity. You may choose to run antivirus/anti-malware software or applications. You may use an external source or program, such as Dropbox, to store data. Perhaps you are cautious or skeptical about random emails or ads. You may advise your children to be wary in online environments just as you would caution them in other physical spaces. These steps indicate our drive toward safety. However, none of us can be too safe in cyberspace: you are the one who holds the keys to the data that cybercriminals want access to.
Relationships are built on trust, and our relationship with lawmakers is an important facet to consider. Our lawmakers in the US recently made it easier than ever for federal, state and local authorities to snoop (hack), collect and process your most personal data. While Sens. Ron Wyden (D-OR), Steve Daines (R-Mont) and Chris Coons (D-Del) attempted to block this bill in December 2016, Rule 41 passed through congress giving agencies carte blanche access to your browsing history. Cybersecurity does not stop and start at the will of our government.
Cybercrime is here to stay. It touches all of us and impacts our personal, private and professional lives. We all live in cyberspace and cybersecurity need be an important part of our daily and professional lives. Many have suffered from the impact of cybercrime and it is our job to keep each other safe. Be wary, be vigilant and most importantly, be aware of the proactive steps you can take to protect yourself, your family, and your organizations.
Lewis Howell is the CEO of Hueya, Inc. based in Bend, www.hueya.io, the leader in cybercrime prevention software. Lewis Howell, MBA/CISSP, has over 20 years of experience in technology and security in the fields of healthcare, telecommunications, aerospace and software.
