Cybersecurity: Awareness is Only the First Step

European Cyber Security Month (ESCM) is an annual campaign designed to raise awareness of the myriad of threats individuals and organisations face in today’s ever more connected world

Whether it be malicious hacking, malware, espionage or data loss, we are more at risk of becoming victims of cybercrime than ever before. This trend is only set to increase exponentially into the future. 

The end goal of ESCM is not only to raise awareness of cybersecurity issues, but to also promote best practice, provide access to the resources required to fight cybercrime and, of course, to educate users and decision-makers about the risks they face.

While bringing awareness to an issue is important, one month of highlighting cyber security issues just isn’t enough. Hackers operate 24 hours a day, 365 days a year and it would be foolhardy not to ensure your cybersecurity protocols operate to the same timeframe.

The ever-growing threat

When national security, personal safety and business continuity is at stake, everyone should not only be aware of the threat, they should be taking actionSociety believes in this when it comes to environmental and physical threats so why are we so disengaged when it comes to cyber security?

Cyber security doesn’t just affect a person, but everyone around them. And in the globally connected world we live in, that literally is everyone. Infected devices have a way of infecting other devices, and compromised systems can make everyone vulnerable. So cyber security isn’t just about protecting you – it’s about protecting all of us.

The National Cyber Security Centre recently revealed that it has handled 658 attacks on 900 organisations, including schools, airports and emergency services, and said the attacks pose ‘strategic national security threats to the UK’. The spread of cyber-attacks should come as no surprise. The number of internet-enabled devices is skyrocketing. Already, there are seven billion internet-connected devices globally, and that number will more than triple to over 21 billion by 2025, IoT Analytics predicts. Thanks to the Internet of Things there is now web-enabled software in everything from planes to fridge-freezers. In an era where espresso machines have IP addresses and speakers are connected to the internet, a lot of effort is required to keep safe.

The threat is very real, and very immediate. And where the attacks are coming from a cause for serious concern.

Increased sophistication

Gone are the days where the only concern was the lone attacker wearing a hoodie in his bedroom. While that stereotype might have been true over 20 years ago, organised criminal gangs quickly got in on the action, stealing credit card details and testing the IT structures of retail banks to their very limits. More recently, ‘hacktivists’ like Wikileaks have tried to expose the malpractices and secrets of big businesses and powerful governments. And in the last few years, the advent of state-sponsored attacks have been ever increasing, with accusations of foreign meddling in domestic elections (US, France, Brexit) a massive concern. The transition from the teenager’s bedroom to the upper echelons of power has been frighteningly quick.

It is imperative that we move from a state of apathy to a state of national readiness when it comes to cyber threats. Cyber-attacks are getting more sophisticated, and are having real life consequences for nations, organisations and citizens. The fightback must begin.

The steps we must all take

Businesses need to own their IT. “Owning” your digital profile means taking stock of the apps, appliances and other IoT devices that hold and use personal and corporate data on a daily basis. Solutions which use things like data encryption provide visibility into and security for complex, interconnected IoT systems. They also help ensure devices are authenticated and data/control information is free from tampering.

Only after building a complete picture of your personal and organisational cyber landscape can you begin securing it.  95 per cent of successful attacks on enterprise networks result from spear phishing scams. Identifying a phishing attempt is the first step: always check the actual email and web addresses when you receive an email of which you are unsure. On a technological level, the use of multi-factor authentication and dynamic security policies can mitigate even successful phishing attacks.

The most important thing to remember about cybercriminals is that more often than not they rely on human error to gain access to systems. Continued employee awareness training can help strengthen cybersecurity defences by lowering the risks associated with human error.

Businesses can also make sure strong security processes are in place, including ensuring employees use strong passwords, and that they are changed regularly. Yes, Password123456 – I’m looking at you. 

Keep your software updated to the latest version available because updates often include fixes for disclosed vulnerabilities. Also be wary of public WiFi, especially when connecting in new locations – hotels and other public spaces are common targets for cybercriminals due to their unsecured networks.

And this isn’t only for the grown ups’ table. Just as we teach our kids to lock up their bikes, parents and teachers need to remind children to protect their phones and other devices with passwords. And children need to know that some things in life need to be kept secret!

Stop. Think. Connect.

The organisations behind National Cyber Security Month remind people to Stop. Think. Connect:

STOP: Before you use the Internet, take time to understand the risks and learn how to spot potential problems.

THINK: Take a moment to be certain the path ahead is clear. Watch for warning signs and consider how your actions online could impact your safety, or your family’s.

CONNECT: Enjoy the Internet with greater confidence, knowing you’ve taken the right steps to safeguard yourself and your computer (and other devices). 

In a world where cybercrime is to be expected, it is high time we ensure security at all times, not just when awareness is at a peak.

About the Author

Campbell Murray is Global Head at BlackBerry. Today’s BlackBerry is a software company with a standard of security for managing the network of mobile and wearable devices, desktops and laptops, and other endpoints within enterprises. In addition to developing and providing applications, our BlackBerry Secure platform enables enterprises and independent developers to create applications for smartphones, medical devices, connected cars, consumer appliances and industrial machinery, and much more.