Can You Afford A Cyber Attack In 2021 or Ever?

Source: Joseph Steinberg

Do you write down your Gmail/FaceBook/Work email/any passwords on a sticky note or save it in a text file?

Do you click on links and enter O365/LinkedIn/Netbanking credentials without checking the URL from an email?

Is your computing device running on obsolete OS/softwares? psst. patch up…

If the answer is ‘yes’ to even 1 of the above then you’re prone to cyber attacks. Connecting unprotected devices to the internet make them vulnerable and susceptible to following attacks.

1. Identity theft/Credentials theft/Data theft
2. Phishing attack
3. Malware infection — ransomware attack
4. DDoS and more

Let’s take a look at the revolution of cybersecurity and the threat spectrum that’s advanced with it.

How did we get here. Source: edX Team

Unlike the olden days, all the information needed for a hack can be found online(thanks to FB, IG, LinkedIn, etc.). So a cyber attack can happen to anyone and anywhere.

Information Age Threat Spectrum: Earlier hacking was done for thrill, challenge & monetary gain and then the motive became publicity & target damage and now it’s more of causing chaos & to gain political/military/economic advantage.

Cyber crime is of the past and cyber war(nation state attack — cyber crime backed by nations & governments) is a thing now.

(Not so)Fun Fact: Did you know that an average data breach is not discovered in an organisation for over 200 days.

Source: attack-kill-chain-small.jpg

Once the initial compromise(luring you into clicking that malicious URLin an email)is done, the hacker starts to move laterally along your network of devices causing chaos and gaining monetary benefits.

By the time, the organisation would’ve lost its confidential data, business and reputation.

Tips and best practices to protect confidential data:

1. Top-notch anti-virus with latest patch is a must for any computing device
2. Use strong passwords — above 8 chars, alphanumeric, append!four&random_words, avoid dictionary words and choose uncommon/made-up words
3. Opt for MFA or 2FA (Two Factor Authentication) wherever possible. Consider getting a password manager
4. Never share your password with anyone nor write it down. Avoid using the same password for more than one account
5. Beware of phishing techniques, refrain from opening unknown emails, URLs, attachments — curiosity kills the cat
6. Do not use unauthorised VPN/Proxy/Browser/P2P applications
7. Participate in cybersecurity awareness trainings and quizzes in your organisation
8. Update security patches and remove unused apps and softwares
9. Store/Transfer confidential data with encryption and password protection
10. Get help from a pro/Infosec team when you’re in doubt or need help

Stay safe! Stay secure!