3 Cybersecurity Basics and Why They’re Essential

Our cyber defenses depend, to a large degree, on simply making life harder for hackers

By: Eric Escobar, Secureworks Adversary Group
Cybersecurity, believe it or not, is one of the most important issues of our time. That’s because:
- Digital technology has become pervasive, touching every aspect of our personal, economic, cultural, and political lives.
- This pervasiveness has resulted in a virtually infinite threat surface that extends from the device on your wrist to the biggest, gnarliest datacenters on the planet.
- Criminals are always going to commit crime.
- Due to our connectedness, a breach anywhere is a threat to businesses everywhere.
Unfortunately, the media has done an inadequate job of framing the cybersecurity issue. For one thing, news organizations only cover cybersecurity when some new global threat emerges or, worse yet, after a significant breach has occurred. This skewed coverage gives the false impression that the only thing we have to worry about—and defend ourselves against—is the next high-profile zero-day exploit.
That, of course, is untrue. Most breaches are far more mundane. As they say, it’s not the lion you have to worry most about in the jungle. It’s the mosquitoes.
Even worse may be the way hackers are portrayed in movies and on TV. If you only learn about cybersecurity through popular entertainment, you probably believe that hackers are evil geniuses capable of sliding past even DoD-quality cyber defenses with a single torrent of lightning keystrokes—which means you’re basically helpless against their inexorable brilliance.
This is also patently untrue. Most hacking is literally that: hacking. Cybercrime is mostly brute force trial-and-error perpetrated by bad actors who often don’t need to have Hollywood-level hacking skills, but have learned that with enough time and effort they can earn a decent living stealing stuff.
Our cyber defenses—both individual and collective—thus depend, to a large degree, on simply making life harder for hackers. After all, hackers have the same constraints of time, budget, and payoff. In fact, I’ll go even further and say that half the battle can be won with these three cybersecurity basics:
- Security essential #1: Use a password manager. To successfully protect the many facets of your digital life, you need a strong and unique password for every single account associated with your identity. Since you probably have upwards of 50 accounts, there is little chance you can memorize so many strong passwords. So, you need a password manager. And you need to take advantage of that password manager to make each of your passwords fully weird and unique. This pet’s-name-plus-old-address needs to stop. “T!i5T&C45z” is a password. “fiDo2451” is not.
- Security essential #2: Apply two-factor authentication religiously. Two-factor authentication means you need two factors to authenticate your identity. One factor is your traditional username/password combo. The other factor is typically a one-time PIN sent to your phone—although there are other ways to implement a second factor for certain applications, such as an ID badge or a digital token you can keep on your key ring.
Two-factor authentication is especially important for protecting financially sensitive accounts such as your bank and credit cards. Sure, it may be a bother to have to wait a few seconds to get your one-time PIN. But the wait is worth it. Trust me. Recovering from identity theft takes more than a few seconds. And if one of your work accounts gets hacked, the cost to your organization is significant.
- Security essential #3: Stay digitally alert. Most of us are pretty vigilant in the “physical world.” Our adrenaline kicks in a little if we notice someone following us in a poorly lit parking lot or feel contact against us while we’re waiting in line somewhere.
Unfortunately, that situational awareness typically goes right out the window when we’re online. For some reason, we become too intent on whatever our current task is to pay any attention to the little signs that something may be amiss. Maybe it’s because we’re in denial about the dangers of cybercrime. Maybe it’s because we’re impatient when we’re online and just want everything to work. Or maybe it’s because we haven’t had time to evolve the same “sixth sense” online that we’ve developed over the eons as warm-blooded mammals in a physical world of potential predators.
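To put numbers on the two passwords quoted under security essential #1, here is an added example (not code from the original article) that estimates how many guesses each one costs an attacker and generates a random replacement. The wordlist size, the sample pet names, and the function names are assumptions made for illustration.

```python
import math
import re
import secrets
import string

# Constructed sample of pet names; a real guessing wordlist is far larger.
SAMPLE_WORDS = {"fido", "rex", "bella", "max"}
# Assumed size of an attacker's name/word list (illustrative figure).
ASSUMED_WORDLIST_SIZE = 100_000
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols

WORD_THEN_DIGITS = re.compile(r"^([A-Za-z]+)(\d+)$")


def charset_size(password):
    """Size of the smallest standard character pool covering the password."""
    pools = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation)
    return sum(len(p) for p in pools if any(c in p for c in password))


def guess_space_bits(password):
    """Return (bits, model): log2 of the guesses needed under the cheapest model."""
    if not password:
        return 0.0, "empty"
    match = WORD_THEN_DIGITS.match(password)
    if match and match.group(1).lower() in SAMPLE_WORDS:
        word, digits = match.groups()
        # Known word x every upper/lower casing of it x every digit suffix.
        guesses = ASSUMED_WORDLIST_SIZE * 2 ** len(word) * 10 ** len(digits)
        return math.log2(guesses), "word+digits"
    # No structure found: the attacker must try the whole character space.
    return len(password) * math.log2(charset_size(password)), "brute-force"


def generate_password(length=16):
    """Draw each character from a CSPRNG, as a password generator should."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    for pw in ("fiDo2451", "T!i5T&C45z", generate_password()):
        bits, model = guess_space_bits(pw)
        print(f"{pw!r}: about {bits:.1f} bits ({model})")
```

The brute-force figure only holds when the string really was chosen at random, which is what a password manager's generator provides; a password that has appeared in print, including the one quoted above, should never be reused.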
Do the three cybersecurity basics above mean we don’t need the more sophisticated types of threat detection and response offered by Secureworks™? Of course not. There are super-sophisticated hackers and mega-resourced state actors who are after big scores. And large organizations have vulnerabilities that can’t be addressed by the three basic principles above.
However, by the same token, we put an awful lot of pressure on sophisticated enterprise cyber defense technology when we fail to even use reasonably strong passwords or mindlessly click on spear-phishing emails. We need the combination of cybersecurity basics plus an advanced cyber defense to keep ourselves safe from the bad guys.