Cybersecurity, although related to technology, is not a technological concept in all regards
I had the pleasure of hearing cybersecurity expert Nick Espinosa give a presentation on the five laws of cybersecurity.
It was the same presentation he has given multiple times, but it really hit home that cybersecurity, although related to technology, is not a technological concept in all regards.
Let me summarize what he presents and let you judge for yourself.
The 5 Laws of Cybersecurity according to cybersecurity expert Nick Espinosa
1. If There Is a Vulnerability, It Will Be Exploited...Without Fail
a. When the first bank was established, someone out there said, "That's where all the money is...I'm going to rob that place!"
b. Finding ways to do something more efficiently (i.e. "Life Hacking") is a simple exploitation of a vulnerability.
c. Exploiting vulnerabilities is Human Nature
2. Everything is Vulnerable in Some Way
a. There are instances of companies being exposed to hacking through a Smart Toaster in their breakroom!! A TOASTER!
b. This is inescapable.
3. Humans Trust Even When They Shouldn't
a. This is our greatest vulnerability in cyber security!
b. Phishing Scams and Ransomware are 2 examples of cyber security threats that prey on this law.
4. With Innovation Comes Opportunity for Exploitation
a. IoT (Internet of Things) hacking is a great example of this law. Smart devices make our lives easier but can be exploited to do damage. Google Mirai for more on this very real threat.
5. When In Doubt, See Law No. 1
a. Every single cyber security issue in our technology stems from a vulnerability of some kind!
As I listened to his presentation, I began to realize that most cyber security threats that I have encountered in my 20 years of working in IT have all been psychological exploitations.
- Someone was excited to get a package around the holidays, so they clicked the tracking link in that very official FedEx email communication and infected their company network with ransomware...twice...in the same day!
- Someone gets an email that looks like it is from Microsoft saying that they need to confirm their username and password to not lose access to their email, resulting in them losing access to their email while a hacker is sending funding requests to everyone in their contact list.
- Someone decides to download that neat plug-in that gives them coupons for things that they might purchase on the Internet, resulting in data gathering, more aggressive marketing and a complete drop in computer performance, leading to even more decreased productivity!
ALL of these exploits of human vulnerability could have been avoided with some common sense and the knowledge that these types of hacking are running rampant. By verifying the sender's email address, seeing that it is from fedextracking@gmail.com or licensing@mircrosorft.com, and knowing that these large organizations would NEVER have official email coming from gmail.com or misspelled domains, these could have been avoided. By following the simple rule that if something is given to you for free, you ARE the product being sold, you can avoid productivity interruptions and pesky (and frankly creepy) ads about things you were just searching for on the Internet.
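The sender check described above can also be automated at a mail gateway or in a reporting tool. The following is an added example, not code from the presentation or from this article's author; the brand allowlist, the freemail list and the edit-distance threshold are assumptions chosen for illustration.

```python
from email.utils import parseaddr

# Assumed allowlist: brand name -> domains that brand legitimately sends from.
BRAND_DOMAINS = {"fedex": {"fedex.com"}, "microsoft": {"microsoft.com"}}
# Assumed (partial) list of free webmail providers.
FREEMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
MAX_TYPO_DISTANCE = 2  # assumed threshold for "misspelled domain"


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header: str) -> str:
    """Classify a From header as ok, freemail-impersonation, lookalike-domain,
    unknown or invalid, based only on the visible address."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return "invalid"
    local, _, domain = addr.lower().rpartition("@")
    claimed = (display + " " + local).lower()
    for brand, domains in BRAND_DOMAINS.items():
        # Exact domain or a subdomain of it is the only accepted match.
        if any(domain == d or domain.endswith("." + d) for d in domains):
            return "ok"
        # Brand named in the display name or mailbox, but sent from webmail.
        if domain in FREEMAIL and brand in claimed:
            return "freemail-impersonation"
        # Domain is a near miss of a real brand domain (typosquat).
        if any(0 < edit_distance(domain, d) <= MAX_TYPO_DISTANCE for d in domains):
            return "lookalike-domain"
    return "unknown"


if __name__ == "__main__":
    # The two addresses quoted in the article, plus a constructed legitimate one.
    for hdr in ("FedEx Tracking <fedextracking@gmail.com>",
                "licensing@mircrosorft.com",
                "tracking@fedex.com"):
        print(f"{hdr!r:45} -> {check_sender(hdr)}")
```

The visible From address is controlled by the sender, so an "ok" result only means the domain is not obviously wrong, not that the message is genuine.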
Hackers are experts at exploiting your trust for their own game, so make the game more difficult for them by taking a quick second to question those things that might not seem quite right.
For more tips on staying safe in an increasingly online environment, reach out to us today to request an assessment. Capital Office Products has over 25 years of experience in serving small businesses, churches, Fortune 500 companies, schools, medium-sized work groups, and everything in between. We offer the most holistic cyber security services in SC.
Reach out to our team to learn more about our data backup services and request an assessment today!