By John York
Everyone is a target in today’s adversarial paradise: the internet. I do mean literally everyone. Threat actors do not discriminate when choosing targets today. The proverb “one man’s trash is another man’s treasure,” which dates as far back as the 17th century, couldn’t be closer to the truth in the cyber realm.
October is a busy month for practitioners in information security to share and emphasize best practices in being safer and more secure online. In its 17th year, the National Cybersecurity Awareness Month continues with this year’s theme as “Do Your Part. #BeCyberSmart.” I encourage everyone to take a little time to review the Tip Sheets on that link.
We must realize and understand that we are the biggest weakness in security: It is the human element that is easiest to manipulate. The tools, tactics, and technology have evolved to social-engineer even the best of us! Threat adversaries will go to great lengths to apply social engineering techniques to exploit information in support of malicious activity. Social engineering can take on many forms. Although we most commonly associate this with email, it can also be a combination of text messages, phone calls, social media posts, or hyperlinks within emails or on a compromised website.
I often encounter people who question whether they offer any real tangible value to a cyber threat actor. Put simply, why should they care? Despite whether you’re an organization or reflecting on your own personal footprint, there are people who can profit from you. Not all risks are tied to a physical asset or monetary value, as we often lose sight of the repercussions that this has to our identity, our reputation, and our trust. Rebuilding from a cyberattack is a daunting task that can inadvertently affect those around us.
Ask yourself, what are some things that hold value to you, your family, or your career? You owe it to yourself to understand what your risks are and how you can protect yourself.
This month’s tips from the National Cybersecurity Awareness Month campaign can help you at work and at home to improve your security footprint in today’s connected world!
John York, SSCP, is a cybersecurity professional, who is active in the infosec community. Last year for Cybersecurity Awareness Month, he spoke and held a training event at a conference in Washington, D.C. He also held an all-day training event in Iowa at the SecureIowa Conference. York is also a member of the local InfraGard chapter, a private alliance between the private sector and the FBI. He is also a member of the local Information Systems Security Association (ISSA).