Cybersecurity is so hot right now and it seems as though everybody is talking about it. There have been so many cybersecurity stories in the news, whether it’s a retailer (Target – cough cough) with a data breach that had up to 110 million people’s credit card information compromised, or even a government employee who leaked classified information from the NSA (Edward Snowden – cough cough). The list goes on and on. The biggest difference between cybersecurity a decade ago and cybersecurity now is that it has become mainstream knowledge. Heck, even my grandmother now understands what I say when I tell her I run a “cybersecurity company”.
Even with all this exposure to the topic of cybersecurity, there is also one big misconception: it’s not just smart people with these incredibly complicated pieces of code that somehow get through all these barriers that are the culprits. Here is a secret I will share with you: the culprits are “insiders”, people who come to work at 9 and leave at 5, are friendly at the water cooler and maybe even bring in donuts on Fridays. You may be asking yourself why would this person be a threat? Well there are two reasons. One is they are doing stupid things without knowing how stupid these things are. The second is they were the good apples and at some point became disgruntled. Maybe it was the bonus they didn’t get last year or the extra vacation time they didn’t get. So, what can these “common folk” actually do that’s so bad?
Well, some employees are more equipped in their roles to do harm than others. Let’s take a look at Joe, the IT support guy who keeps the lights on with all your technology needs. Thanks Joe! Well, one day, Joe was getting ready to do an upgrade to the email system and he got a call from his manager telling him that he would have to wait until the weekend to do the email system upgrade. This infuriated Joe. It happens all the time. His manager makes him work weekends and he had tickets to Lady Gaga! Enough is enough, according to Joe. He wanted to find some dirt on his boss. He figured since he was an administrator to the email system and knew he had god-like privileges to everything email-related, he decided to open up his boss’s Inbox. Well, he found a lot of information he shouldn’t have seen. He even saw his boss speaking badly about him to the senior managers of the firm! Well, the guy who is responsible for keeping the lights on decided to turn them all off. The company was out of commission for a very long time and lost millions of dollars. Joe quit anyways so he didn’t care. There are probably lots of “Joes” across so many companies.
Another classic example is Sally in HR. She is sweet as pie and has been at the company for almost 40 years. We call her “Lifer Sally” and when you need anything, everybody knows to talk to Sally. She has seen the company grow from 100 employees to over 1,000 employees. Well, this year, the company started transitioning to a new state-of-the-art payroll solution. It has so much automation and all the bells and whistles HR people would love. Sally was a bit intimidated but knows she has to evolve with the times. They were about to go live and she got a frantic phone call from a gentleman from this new payroll company advising that there was a major problem. Payroll could not be processed with the new automated system and instead they will do this payroll manually. All she had to do was send an Excel spreadsheet with all the 1,000 employees and their details, including social security numbers, benefits information, bank account details, and more. Sally complied. And, guess what? The gentleman that called her was not really from the payroll company. They simply used common social engineering techniques to learn about this transition to a new system and found out who manages the process. Poor Sally….
I think you get the point. We live in a world where we need to be conscious of the fact that cyber security must be top of mind for everybody, in both your professional work environment, and even at home with your own personal information. There are a lot of bad guys out there. Some are out to do bad for political reasons, sometimes its ego driven, or sometimes it’s “hacktivists” trying to prove a point. Even more so, sometimes it’s kids in basements and amateurs doing it just because they can. And, it can be Joe or Sally who you would never guess can wreak such havoc.
All you can do is think logically and pay attention to the world around you as these case studies suggest. Then reach out to the experts and let them help you minimize your risk and exposure. Because the threats are on-going and often wreak great damage, cyber crime has opened the doors for innovation to solve these challenges and now there are many companies that can offer you the critical help you need!