Proactively going head-to-head with cyber threats

I recently read an article stating that the biggest cyberattack of 2020 has already happened. Needless to say, this sparked my attention, plunging my mind into thoughts of sophisticated cybercriminals who have already hatched a plan attack that's just sitting in wait, ready to emerge when prompted. While I don't promote, condone or encourage using scare tactics as a way to educate others and prompt them to take action, this does sound a bit scary; so, I reached out to some cybersecurity experts and members of SIA's Cybersecurity Advisory Board to better understand and learn what you and I can do to protect ourselves going forward.

“The most successful cybercriminals are the ones you don't even know are there,” Tiffany Pressler, senior manager, HID Global, said.

Min Kyriannis, head, Technology Business Development, Jaros, Baum & Bolles further explained: “Typically, hackers will remain dormant in someone's network until a sequence or signal is sent to initiate the attack.”

To better understand a cyberattack, Pressler explained the Cyber Kill Chain, eight recognized phases that most cyberattacks go through. The phases are:

1. Reconnaissance
2. Intrusion
3. Exploitation
4. Privilege escalation
5. Lateral movement
6. Obfuscation/anti-forensics
7. Denial of service
8. Exfiltration

“Each phase offers an opportunity to stop the attack, but most aren't aware that a breach has happened at any of these phases until months or years after the breach has occurred,” Pressler explained. “Based upon that logic, any breach impending in 2020 is probably already significantly down the list of phase stages.”

This doesn't mean doom and gloom, but rather, a sort of "heads up" to take action now to protect yourself for what you already know is coming.

One of the biggest complaints people talk about is identity theft, so Kyriannis advised to see what services are available. “Following the Equifax data breach, there are free services provided to lock your credit report, for example TrueIdentity,” she said. “Always ask questions about how companies your working with are security the information you're providing them. I set alerts on my credit cards so that when I use them, a text message is sent to my cell phone.”

Pressler also offers some simple, proactive actions to take now:

• Turn on multi-factor authentication for any and all applications and devices.
• Use a password manager to help you remember and not reuse passwords.
• Always use complex passwords consisting of letters, upper- and lowercase, numbers and symbols. It's best when your password does not equate to a readable word, sentence or name.
• Never click on links in emails or text messages.
• Hover over links to reveal the full URL to see if it goes to a legitimate domain, owned by a company.
• Secure links with a link scanner, such as Norton SafeWeb or ScanURL.
• Never give out information through webpages launched from a link. Always go to a company's homepage and log in there.

“If you're proactive about setting these measures, you're making it harder for the cybercriminals, but you're also giving yourself a chance to recover quickly,” Kyriannis encouraged.