What is Cyber Security?

Cyber Security is a broad topic focused on the protection of all things digital, from your work computer to your personal data.

As the level of sophistication grows within the world of cyber attacks, it's important that your knowledge of operational security and how to stay safe online grows along with it.

Ransomware

Ransomware is one of the biggest threats that businesses face today and a topic you've probably heard about at work and in the news. If you don't already know, Ransomware refers to a type of cyber attack where hackers break into a company's network, encrypt as much of its data as possible and then demand the company pay a ransom in cryptocurrency in order to get its data back.

It's a multibillion-dollar industry and the people behind it are constantly evolving and finding new ways to maximize their profitability. It's become the norm for these Ransomware operators to not only encrypt the data but to also steal a copy which is then used as leverage to pressure their victim to pay the ransom. If their victim doesn't pay, they post the data online or sell it to the highest bidder.

So Ransomware is a big deal to companies, but why should you care? The reality is, hackers don't follow any rules. In order for them to deploy the Ransomware they first need to gain access to the company network, and the easiest way for them to do that is to target the employees. This means you could be targeted in your personal life just because of where you work. In the next section we're going to look at the common techniques used to target you and how to stay safe.

Types of Threats

  • Social Engineering

    The use of social skills by an attacker to convince their target to carry out an action of the attacker's choosing. This could be handing over sensitive information, sending money or even providing physical access to a restricted space.

  • Phishing

    A subset of Social Engineering: luring individuals into providing sensitive information. Phishing can take numerous forms such as email, text or phone call, and preys on human traits like fear, greed and trust to trick targets.

  • Hacking

    Less dependent on human interaction: the targeting and compromise of electronic devices, taking advantage of software vulnerabilities, misconfigurations and unpatched systems to gain unauthorized access.

Below is an episode from the podcast Darknet Diaries with guest Chris Hadnagy, an ethical social engineer. Whilst the full episode is well worth a listen, we're going to focus on a small section starting at timestamp 54:12 which contains a real-world phone call made as part of a commissioned social engineering attack initiated by a phishing email.

Staying Safe

What can you do to stay safe at work and at home?

Passwords. The average person manages up to 100 passwords and it's important no two passwords are the same. You don't want the password to your bank or your job being in the hands of a hacker all because you used the same password at an online store that has much weaker security and suffered a data breach.

Have I Been Pwned is a website that stores records of known data breaches and allows anyone to search both email addresses and passwords to check if they've been seen in a previous breach. It's a great resource to use and can help you pick more secure passwords and know if any of your current accounts are at risk.
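The password search on Have I Been Pwned is designed so you never have to send the password itself: only the first 5 characters of its SHA-1 hash go to the service, which returns every hash suffix it knows for that prefix, and the match is made on your own machine. The Python below is an added example, not code from this article or from Have I Been Pwned; the sample range response is constructed for offline use (the counts in it are made up) and the live fetch function is only there to show where the real call would go.

```python
import hashlib
import urllib.request
from typing import Callable, Tuple

# Added example (not from the original page): a k-anonymity password check
# in the style of the Pwned Passwords range API. Only a 5-character hash
# prefix is sent; the remaining 35 characters are compared locally.

def hash_split(password: str) -> Tuple[str, str]:
    """Return (prefix, suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def count_in_range_response(suffix: str, response_text: str) -> int:
    """Parse 'SUFFIX:COUNT' lines and return the count for our suffix (0 if absent)."""
    for line in response_text.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue  # ignore blank or malformed lines
        candidate, count = line.split(":", 1)
        if candidate.upper() == suffix:
            return int(count)
    return 0

def is_pwned(password: str, fetch_range: Callable[[str], str]) -> int:
    """Breach count for the password; fetch_range(prefix) supplies the range text."""
    prefix, suffix = hash_split(password)
    return count_in_range_response(suffix, fetch_range(prefix))

def fetch_range_live(prefix: str) -> str:
    """Real lookup against the public range endpoint (needs network; not used below)."""
    url = "https://api.pwnedpasswords.com/range/" + prefix
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("utf-8")

# Constructed sample response for prefix 5BAA6, the prefix of SHA-1("password").
# Suffixes and counts here are made up for the demonstration.
CONSTRUCTED_RANGE_5BAA6 = (
    "0018A45C4D1DEF81644B54AB7F969B88D65:1\n"
    "00D4F6E8FA6EECAD2A3AA415EEC418D38EC:2\n"
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471\n"
)

if __name__ == "__main__":
    offline = lambda prefix: CONSTRUCTED_RANGE_5BAA6
    print("password ->", is_pwned("password", offline))          # 3730471
    print("long passphrase ->", is_pwned("correct horse battery staple", offline))  # 0
```

Any non-zero count means the password has appeared in a breach and should not be reused anywhere; a zero only means it was not in the sample, not that it is strong.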

Multi-factor Authentication. In the event your password does get stolen, using MFA stops someone from being able to login to your accounts by requiring a second authentication step. If you have an account somewhere that offers MFA, use it. Authenticator apps should be used over SMS or email based MFA where possible. If you want to take it a step further, hardware keys such as YubiKey offer the greatest level of security.

Diligence. Think carefully before you provide your data to anyone or anything asking for it. If you've received an email from a boss or a client requesting sensitive information, ask yourself if it makes sense for this person to be requesting this data. Could their email have been compromised and now the hackers are targeting you? Is it even their real email address? Equally, if a website is asking for your password, check the domain in the URL bar and make sure you're on the website you think you are. Attackers will often leverage a sense of urgency, and it's important to keep a level head and think things through.

Consequence. A temporary lapse in judgement can have untold consequences and you don't want to become your own worst enemy. Before you send that next confidential work presentation to your personal email to work on over the weekend, think about what could go wrong if someone gains access to your email account. Before you post your next photo on social media, make sure you haven't left any sensitive documents in the background.