Cybersecurity Self-Awareness

Is it possible that we will be hacked...?

It is a question the shareholders of every organization around the globe have in common. To be frank, yes, you might be, and yes, you should be worried about the IT security of your business. You still have a long way to go to stay secure as per the above section.

In a diverse world where people have different languages, cultures, and so on, we have mathematics, science, and the like in common across the globe. The statements “Adding the number 2 twice gives 4” and “An object free-of-hold will fall to the ground at any time” are true everywhere. The same goes for the rules for using the internet: the Internet Protocol. Like the rules of maths and science, the way successful communication is carried out is the same for every internet user, wherever they are on this planet.

With more than 7 billion people alive today, the number of active internet users has reached a mind-blowing figure of around 5 billion. With our digital population growing rapidly, we, the users, must be more and more careful to secure our privacy in the cyberworld. Some people will try anything to get their hands on your data, at any cost. IT security should be one of your primary concerns if you want to stay at least one step ahead of them.

Levels of Cyber Security Self-Awareness within an organization

There are 2 types of companies: those that have been hacked, and those who do not know they have been hacked. 

        – John T Chambers

There are different types of people in the cyber industry, with myriad mindsets. The importance each professional gives to their infrastructure varies according to their maturity level in cybersecurity. The maturity levels are shown in the image as a hierarchy model, from the lowest maturity level at the bottom to the best maturity at the top.

(credits: Pentester Academy)

If you are at the lowest level of maturity, “We can’t be hacked”, or anywhere in the middle, you might be safe today, but not always. Most IT teams are at this level of maturity, and with experience they must move up the hierarchy to reach the top level, “We should take care of cybersecurity seriously”. The sooner you reach the top level, the safer your systems will be.

Confidence is good, but it is not going to help you at all times. Sometimes it is okay to have doubts and to investigate the system from another perspective. It will take time for you to realize that you were hacked, and by that time it will be too late. Along with your data, you will lose your reputation, which costs more than money. That is not good for business, and that is why every organization should proactively allocate a good budget for IT security and keep up secure, good practices without a second thought.

Inspired by the words of Nick Espinosa, a Cybersecurity and Network Infrastructure specialist, I would like to share with you some of his simple but powerful rules, to stay secure in the cyberworld. Let us see what they are.

Rule #1: Highly evolving threat landscape

If there is a vulnerability, it will be exploited. There is no exception to this rule.

Even as technology evolves to build strong security for your infrastructure, bad actors still find ways to break into it through just one slight flaw. The threat landscape is growing along with highly skilled cybercriminals, and every organization has more to fear. You must know your weaknesses in the first place to defend them.

A vulnerability is a weak spot in your system or infrastructure that a bad actor can exploit to gain access to your system. Ever since the first computer bug was reported, some people have been thinking about how they can break into someone else’s system. No matter how secure you are, if you are within their reach, the chance of being exploited is undoubtedly high.

Every organization should value having a team (internal or external) that finds its vulnerabilities and updates its systems before someone else finds out about them.

Rule #2: Highly evolving vulnerability landscape

Everything is vulnerable in some way. Trust me, everything will have at least one.

Every organization has some level of IT security in place, but most forget that what they have is not enough to defend against every attack. If you believe that you have the most modern technology and are vulnerability-free, sorry to break it to you: attackers also have modern, evolving technologies, which are enough to find at least one vulnerability in your system, and that will be enough for them to own your kingdom.

From small-scale retailers to large-scale industries, organizations hold billions of pieces of data and have spent millions on information security. Yet only a few companies have no history of a data breach, not even a minor one.

Rule #3: Not following Zero Trust Policy

Humans trust even when they should not. Trust is a big mistake.

Everyone knows that humans are the weakest link in cybersecurity. So, the chance of attacks aimed at employees is very high as we can be fooled easily.

Believing that our data is safe with our systems is a great mistake we often make, because we blindly trust our systems and networks, and even the emails we receive every day, which we should not. Attempts to manipulate people are increasing every day, and they rely on us trusting someone or something we should not have.

Our positive expectations of technology and people are to blame for this. Remember that not every form we fill in online is legitimate.

Rule #4: Hacking innovations

With innovation comes opportunity for exploitation. Without a doubt, we can say they come combined.

We live lives led by advanced technologies and innovations that make things easier for us. Innovation is everywhere and within everyone's reach: even with basic IT concepts, one can think of something new that will change the way things used to be.

Every innovation carries with it some vulnerabilities, which come to light as we get more used to it. If bad actors get to know about a vulnerability before we do, it will be exploited without a doubt.

Cloud computing, IoT, and AI are just some of these innovations. We know they are better in every aspect, but we still hear news about hacks on these technologies. The 2016 Mirai virus hack on IoT devices is considered one of the largest innovation hacks.

With innovations emerging every day, rule #4 is not one to be forgotten.

Rule #5: When in doubt, see rule #1.

Start with rule #1 whenever in doubt.

You must always remember that every cybersecurity and technology issue must have started with a vulnerability of some kind that was left unattended. If you ever forget this, you are in big trouble.

Final Thoughts

To survive the nonstop hacking that takes place, eliminate the objections that are holding you back from allocating a budget for cybersecurity services, such as these thoughts:

  1. My IT team and the firewall got me covered
  2. My data is not important to bad actors
  3. No cyber-attack will be aimed at me

Hire certified experts to run tests on your defense systems so you know where you stand. Increase your IT security budget as a high priority. Find more weaknesses in your systems. Patch every weakness. Occasionally review all the patches that have been applied.

With cyber-attacks growing rapidly, we must remember that “Cybersecurity services are as important as sales & marketing in an organization.”

To prevent a hack, you must think like a hacker.