Hello, and welcome back to this next TomCast from Iron Bow Technologies; we are a tactical cybersecurity-as-a-service organization dedicated to helping businesses protect their data, their assets, and their endpoints.
Today we’re going to discuss the awareness of cyber ignorance. While this may initially come across as a rant, that is not the intent. The purpose of this discussion is to provide some guidance on how to reach individuals or organizations that just don’t seem to understand or have time for cybersecurity concepts or practices.
All too often those in the cybersecurity profession get frustrated by the lack of adherence to common cybersecurity practices. Now, this is for good reason; simple steps (or, rather, supposedly simple steps) can help protect data, assets, and endpoints of individuals and organizations. Minor changes in routines, minor changes in configurations can provide quite a bit of protection from threats in cyberspace.
Look at another career path for a moment to compare these frustrations. Go to your local mechanic shop and speak to your auto mechanic about frustrations he or she has over common car care. How often do they encounter mechanical problems that could be easily mitigated through the use of simple maintenance? Changing oil routinely, rotating tires, checking fluids, each of these are things that can be done by the car owner typically that can prolong the life of the vehicle and its components. Yet, there are many out there that either do not do this on their own or don’t think about these things and they end up spending much more to repair than they would to maintain.
Now, any idea why I elected to go into that type of comparison to an industry that is quite different from cybersecurity? I had a fantastic discussion with a close friend of mine this past week discussing industry frustrations and ways to help spread cyber awareness and education. Oftentimes many I have spoken to get a glazed-eye expression and you can actually see their attention levels waning while speaking. See, cybersecurity is a confusing topic to many, and to even more it is simply an unknown subject.
What this friendly discussion helped to unearth was the idea of telling a story. Not a fictitious one, mind you, but a story that helps those understand more about the impact and importance of cybersecurity. Even though cybersecurity is a vast field that contains many different facets, there are hundreds of industries and career paths out there that don’t include cybersecurity within their realms of operation or education. So, the challenge is making cybersecurity relevant and understandable.
If you were to discuss with someone far outside the realm of cybersecurity the threat of data theft and information loss, you might get a head nod or a base understanding of the topic. If you make that discussion something a bit closer to what that person or organization operates in, it becomes more understandable and relevant. Here is an example.
I could discuss the topic of social engineering until I am almost blue in the face. Social engineering methods trick the victims into sharing sensitive information, whether that be credit card info, organizational info, or something else. While that is an important topic and one that folks SHOULD pay attention to, it comes across with more importance if you tie it to a real-life example.
A friend of mine was called recently by someone claiming to be a police officer. She was told by this person that she had missed her jury duty date, provided her the correct juror number and told her that she currently owed a significant amount of money in penalties for missing her jury duty appointment. She was also told that if she paid, and the system was in error, the monies would be refunded to her. This was an official sounding individual that had correct information about her. Luckily she had a good amount of cyber awareness education and was able to process the emotions and then think logically about this caller.
This social engineer was preying on the emotional reaction of this friend. If he could absolutely convince her that she should pay the fine, he walks away with a handsome sum of money for simply calling someone using publicly recorded information to his advantage. Providing her with the option of a refund “if the system was in error” was a nice touch, but my friend was not tricked.
Another way to spread awareness is to use headlines of news that is relevant to the organization or industry the person operates in. Critical infrastructure, for example, is a hot topic on many cyber professionals’ minds, but maybe not the leadership of state and local governments or the leaders that own the infrastructure itself. So, use examples of where emergency services have been impacted, where public utilities have been impacted, or where lives have actually been lost as a result of cyber attacks. This is not in an effort to demonize anyone or any industry outside of the threat actor; the idea here is to help make the topic of cybersecurity important and relevant, which will hopefully result in the prioritization of cybersecurity education and implementation.
If you are wanting assistance on spreading some cyber awareness, have questions on cyber topics, or just want to understand more about cybersecurity please reach out to the folks here at Iron Bow technologies. We can help walk you through a myriad of different cyber topics to help increase your understanding and awareness of cybersecurity as a whole. We’re here to help any way we can!
We here at Iron Bow thank you for taking the time to listen to this TomCast. For more information on various cybersecurity tips head on over to our website and check out more TomCasts. Those are located over on www.guardsight.com/tomcast. Or, if you would like more information on what Iron Bow can do for you, head on over to www.ironbow.com and contact us. There are several free cybersecurity tools out there that can help you improve your overall security posture. We’d love to hear from you! Thanks!