If there’s one thing that 2017 thought us, is to be prepared and cautious all the time especially when dealing with matters revolving around cybersecurity issues. 2017 was an eye opener of how unprepared we are when dealing with an imminent hit and what to do when the inevitable happens or is about to happen. Although this year didn’t start as expected with Meltdown and Spectre COU flaws hitting the headlines, we still technically have a whole year to strategize on what is coming. According to last years predictions, 2018 will also be a year for hackers unless everyone is involved fully in preventing attacks, leaks and also patching and updating their software and systems.
When having a thought about cybersecurity, you have to put the following in your mind if you want to prevail against cyber attacks and other threats that present themselves.
Nothing is secure; everything Is Vulnerable
Due to the events which unfolded last year such as the KRACK vulnerability and this year’s CPU flaws, is safe to assume that nothing is secure anymore. With the mentality that nothing is secure, which of course is right, we’ll always be prepared whatever comes in our digital way unless its state-sponsored. People in companies should also be keen all the time and hence should go an extra mile to be cybersecurity minded even when they are outside in the organization. If systems were secure enough, giant tech companies wouldn’t be running bounty programs aimed at finding bugs. In other words, protect every device which carries information, is smart and that which can access the internet.
A vulnerability Will always Be Exploited
Since nothing is secure, there will always be a vulnerability just waiting for someone to exploit it if it’s not discovered soon enough. As everything evolves, so is technology and this means that earlier technologies will always have a loophole or something that can materialize into a vulnerability. This is why at the chip industry is working hard to patch the Spectre vulnerability which is said to be hard to exploit. Weaknesses are only hard to exploit at a particular moment because there’s no right technology or the resources are inadequate for the threats to be viable. For instance, we used to carry money around, and that was a vulnerability pickpocketers exploited. We then changed to credit cards, at the moment, they were secure until attackers could trick an individual into revealing their details.
Trust is also a vulnerability
As humans, we always have a weakness which is as a result of many unexplainable things such as trust, faith, and hope in the machines and infrastructure that we’ve built. Most times we forget that we are imperfect, coupling this with expectations, we fail terribly at cybersecurity matters. For instance, people are still victims of phishing campaigns because they trusted, hoped and expected that their antivirus software or firewall is impenetrable. As we have seen, none of the defense mechanisms on our system matched the ransomware which hit us last year. So, instead of trusting a particular flash drive is safe, scan it before using. Anytime you feel like trusting anything relating to cybersecurity matters, just remember ‘Nothing is secure, everything Is vulnerable.’
Technological advances are global, even for hackers
Just like Newton’s Law – every action has a reaction; the cybersecurity realm is not different, and it actually follows the same principle although the reaction takes time to be realized. For instance, the internet is one of the most significant milestones in the history of humanity. But also, it gave rise to more devastating cyberattacks. Another example is the discovery of encryption techniques in which hackers are using them in their ransomware. Also, the discovery of bitcoin has led to attackers demanding ransom via the same platform. This is clear that for every innovation and invention our tech undergoes, it also favors the bad guys. Understanding this will cut the link of our overreliance and ‘TRUST’ on the tech we have, sometimes we need to go old-school to combat cybersecurity threats.
Always be prepared
Lastly, cybersecurity needs both proactive and reactive measures, but most importantly proactive since we can only anticipate what might happen and other times we end up being surprised by the end results. Reactive measures may not know how to deal with surprises, but a heavily invested proactive mechanism will know what to do.
For instance, in an organization, its simple to have a proactive mindset regarding cybersecurity. All the security team needs to do is treat the organization as a whole by identifying threats to the underlying infrastructure efficiently. This can be achieved data analytics and active prevention measures. This process can be sped up by the tech available at the moment. For this to be ideal, the employees should also have the same mindset