October is National Cybersecurity Awareness Month. When many people unfamiliar with the world of cybersecurity think of cyber threats, one of the first things that comes to mind is the classic phishing scam. These attacks have been around as long as email addresses have been in existence, beginning with those infamous “Nigerian Prince” dupes that were so common in the 1990s and early 2000s. These schemes are some of the most commonly known cyber attacks now and much of this is due to the fact that these scammers will target both businesses and individuals alike without discrimination of who you are or what industry you are in.
Knowledge is power! Not only is this a great message taught to children by the musical stylings of Schoolhouse Rock, but it is a philosophy which should be applied to all parts of our lives – cybersecurity in particular. The importance of our awareness as a society surrounding phishing attacks should be used as an example for how to approach new and emerging threats to our online data. Because the attack itself is widely known, users are constantly on the lookout for phishing schemes.
Common Sense Approach to IoT Security
As other cyber threats unfortunately become more and more common, we need to have the same widespread approach to teaching the public about both its risks and the solutions to those risks. For example, one of the fastest growing industries in the world is IoT (Internet of Things) devices such as smart watches, smart doorbells, smart appliance, smart anything! While these devices are revolutionary and make many tasks in our day to day lives much easier, they are also highly hackable and therefore very risky. Because the world of IoT is relatively new and widespread adoption of such technology is just recently becoming popular, this is likely the next hot area which cybercriminals will be targeting. Professionals anticipate that the number of IoT devices in the world will reach 21 billion devices by the year 2025.
The most important area where we have got it right when it comes to approaching phishing protection is a people-centric approach. Having an approach which empowers the immediate recipients and potential victims to know how to approach protecting against phishing attacks puts the powers in their hands. This is a major facet which makes cyber protection against these attacks much stronger.
While this is not a bulletproof approach, and often times human intervention in the cyber world leads to error rather than success, the application of a person-centric approach may be the key to helping lessen the impacts of other cyber threats. Circling back to the example of IoT security – many people are unaware of the simple protections they can implement in order to protect against IoT device threats. One of the biggest risks to IoT device security for individuals and companies alike is a lack of awareness on what devices are connected to their business and personal networks. It is actually simple to look at which devices are connected to your networks by logging into your account on your Internet providers website and checking “Attached Devices” or something of that nature.
Another highly common, highly solvable, problem when it comes to IoT device security is IoT device driven DDoS attacks. This is an attack where a multitude of IoT devices are used to attack a cybercriminal’s targeted victim. Though this is not a perfect protection for such an attack, the simple practice of changing your password and updating it regularly can protect not only from this threat but a multitude of threats. The problem is that these risks and solutions are not common knowledge and therefore, unfortunately, not very common sense to many of the users of these devices.
By creating a common sense approach, similar to that used to approach phishing attacks, people can protect themselves and their data against IoT security risks and many more cyber attacks. Again, knowledge is power!
Image by Freepik.