Cyber Awareness Focuses On Individual Action

Data breaches were down in 2018—a 23 percent drop from 2017. But the number of consumer records containing personally identifiable information (PII) increased drastically, rising to 446.5 million from 197.6 million in 2018, Dark Reading reported.

The findings came from the Identity Theft Resource Center, which tracks publicly available breach disclosures. Its findings, and other research like it, reinforce the importance of cybersecurity and the need for organizations and individuals to take action to be more secure online.

U.S. President Donald Trump declared October National Cybersecurity Awareness Month for the 16th year in a row.

“As technology advances, so do the tactics by malicious cyber actors to obtain personal information and threaten our networks,” Trump said in a White House statement. “To maximize our Nation’s cybersecurity and mitigate risks, all levels of government must strengthen their partnerships with the private sector to better exchange information, build greater trust, and enhance the resilience of our country’s cyber infrastructure.”

As part of the awareness month, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA) and the National Cyber Security Alliance (NCSA)—launched the “Own IT. Secure IT. Protect IT.” campaign, which aims to help individuals protect their sensitive data stored on devices and in the cloud. More than 1,100 organizations and 600 individuals have already pledged their support to further the mission.

“Every one of us has a seemingly ever-expanding digital footprint—across a range of devices and accounts at home, at work, or at school—and locking down that footprint is a never-ending job,” said CISA Director Christopher Krebs in a statement. “The consequences of not getting security right go well beyond just having to get a replacement credit card. The decisions we make online can have local, regional, and even global implications.”

To aid this effort, DHS released a toolkit that provides fact sheets on creating strong passwords, shopping safely online, phishing attacks, and keeping work secure.

#BeCyberSmart Tip: If You Collect It, Protect It. Any data your business collects, including customer and employee information, must be safely stored and protected. #CyberAwarehttps://t.co/fqPP1JZrUt pic.twitter.com/wpl6bAjnoc

— NatlCyberSecAlliance (@StaySafeOnline) October 10, 2019

Focusing on these target points is critical, says Tonia Dudley, CISSP, security solution adviser at Cofense and board member of the NCSA. Dudley says when it comes to phishing attacks, credential phishing is “still really big and continues to grow.” It is especially targeting executives and those at the C-suite level who may reuse passwords for their personal accounts for professional logins.

This is why training and awareness at work are important, Dudley says, because “users learn these behaviors in their organization and take this to their personal email and will be more cautious about clicking that link when asked for their banking credentials. It goes beyond just the organization’s security.”

And organizations are taking note with many adding an awareness role for security to their organizations.

“They are putting forth the effort to get their users to understand how their behaviors impact the organization,” Dudley adds.

In addition to educating employees about cyberattack trends, Dudley also recommends that individuals adopt password managers and two-factor authentication to secure their online accounts.

“I previously worked in the financial industry, and we know that threat actors would buy [compromised] credentials and blast them through,” Dudley says, alluding to the threat of credential stuffing where a malicious actor takes compromised credentials from other websites and attempts to enter them into another account based on the assumption that individuals regularly reuse their passwords.

“We reiterate using a password vault to manage your credentials, and using unique logins and passwords per website,” Dudley says.

She also recommends enabling two-factor authentication on accounts when possible, but especially for bank accounts, email accounts, and social media accounts.

“Keep those separate and unique,” she says. “Your email especially because its one account they can target to gain access to others—they can learn about your behaviors and do further social engineering.”

For more information on creating strong passwords, trends in phishing attacks, and vetting social media connections, visit ASIS International’s Cybersecurity Awareness Month catalog that provides a variety of Security Management articles on the topics.