This article was originally written and posted on RSA by Russ Schrader, National Cybersecurity Alliance, and Angel Grant, CISSP.
Today, news headlines are filled with a seemingly endless stream of high-profile data breaches and malicious cyber attacks. From department stores, to airlines, social media platforms and financial institutions, everyone is a target. This year alone, billions of data records have been compromised. Increasingly, we are seeing the consequences of our digitally connected lives – yet many have not taken the time to truly understand the imminent risks.
Hacking data is big business for criminals and getting hacked has become “the new normal” for businesses and consumers. Cybercriminals are getting their hands on a breadth of data from names, to social security numbers, passwords, addresses, phone numbers, health records and more. If this is the new “normal,” it’s important to understand just how we got here and what businesses and consumers can do to protect their digital presence.
The Intersection of Technology and Cybercrime
If we look back over the past 15 years, there has always been a simultaneous evolution of cyber threats with the introduction of new technology. For most, life in 2003 was a bit different. You likely didn’t have a smartphone glued to the palm of your hand or a social media profile where you shared life moments. And chances are your camera, phone, alarm clock, GPS and music player were five separate pieces of plastic and metal.
Big tech moments, like the introduction of Facebook in 2004, the launch of the Apple iPhone in 2007 or the adoption of the cloud to store your music, photos and documents, have altered our lives, jobs and daily routines. We now lead internet-connected, digital lives. With these changes in human behavior – prompted by the adoption of tech innovation – we also experience the consequences of a connected life, including a rise in stolen credentials, massive data breaches, ransomware and other malicious cyber attacks. Cybercriminals have become increasingly sophisticated and continue to alter their strategies to take advantage of changes in consumer and business behavior.
The New Normal
In an era where our lives and businesses continue to become more digital, a security breach is not a matter of if, but when. The underground world of cybercrime understands our business ecosystems and how to manipulate vulnerabilities. For both businesses and consumers, the volatile cybercrime landscape should be an impetus for a grown-up discussion on data, privacy and cyber responsibility. And the reality is, even with all the high-tech attacks, the biggest vulnerability remains the human. So how can businesses and consumers protect themselves in this new normal?
Consumers: Stop. Think. Connect.
An email account, social media profile or an online banking profile are just a few ways a hacker could learn more about you and potentially compromise your data. Many consumers don’t even realize how much personal information they have floating around in cyberspace. Everything, from what you post on social media and your browsing habits to the information organizations collect about you, leaves a digital footprint. And the list of cybercrime dangers for consumers continues to grow – from targeted phishing attacks to account takeovers, stolen identities and new silent dangers that are targeting kids, taking over their identities before they’re old enough to realize damage has been done.
Consumers must take control of their online presence, and take a moment to stop, and think about the places they are posting personal information. The NCSA and RSA Security recommend the following tips:
Closely monitor your online accounts: Activate fraud alerts on all your financial and health-related accounts, for example alerts for a new payee, high-value credit card transactions or a submitted insurance claim.
Multi-factor Authentication: If a site offers it – use it. Whether it’s biometrics or a one-time password, the extra authentication step adds another layer of security to your personal information.
Digital Inventory: Take inventory of every device connected to the internet – for example, your watch, phone, tablet, car, home lighting, thermostat, gaming console, etc. And for every new device, start by changing the default user names and passwords, installing security updates and turning off devices when not in use.
In many cases, consumers have yet to feel the tangible and long-term effects of data and privacy loss, but it is critical that they start managing their privacy and protect their personal information.
Businesses: Securing the Digital Journey
A few years ago, “digital transformation” was just another business buzzword. Today it’s a strategic imperative, as organizations look to adopt artificial intelligence, internet of things, cloud and other emerging technologies to accelerate their business. But businesses face a catch-22, as the very technologies they need to compete are creating new vulnerabilities that hackers can exploit. Additionally, despite the growing number of threats and the increasing sophistication of attacks, not much has changed about the way businesses secure access to critical resources.
As organizations look to protect their business, employees and customers from data loss and cyber attacks, there are a few key steps they need to take:
Identify Critical Assets: Businesses should determine what data matters most, classify it and put access controls on it. Before you can implement a data protection strategy, you must know what data, if lost, stolen or destroyed, would cause your organization the most harm.
Make Data Useless: Remember hacking is an economics game for cybercriminals. Leveraging encryption and tokenization makes data useless to cybercriminals, leaving hackers unable to cash in on its benefits.
Back it Up: Critical data should be backed up in an isolated data center environment that is disconnected from the network and restricted from users, other than those with proper clearance.
Protect Identities: Passwords are often the weakest link in a business security chain. Multi-factor authentication, like biometrics, SMS or push notifications, can help businesses better secure their most critical assets and protect against cyber threats.
As data privacy laws become stricter with harsher penalties for non-compliance, organizations need to take the steps to comply and protect themselves in an era where data breaches are far too common and catastrophically expensive.
Cyber attacks are devastating to both consumers and businesses. We can no longer dismiss or ignore today’s growing cybersecurity concerns. If this is the new normal, it’s time to shift the way in which we think about data, privacy and security.
Consumers must rethink how much information they are willing to share online and start to practice online safety and privacy and safeguard networks and mobile devices. Businesses must make cybersecurity and privacy a foundational element of their business strategy as consumers have entrusted them to be stewards of their information.
In these tech-fueled times, our homes, societal well-being, economic prosperity and the nation’s security are impacted by the Internet. Cybersecurity is a shared responsibility – where we must all play our part.