Blog / Halloween and Cybersecurity Awareness
What does cybersecurity awareness have to do with the spookiest night of the year?
Ah, autumn! When the leaves change and come tumbling down, temperatures drop, and we begin the march towards winter. But it’s not all bad. It’s also the season for carving pumpkins, creepy and kooky costumes, and, on the penultimate evening of it all, shaking down the neighborhood for free candy. However, there’s an even better reason for loving the tenth month of the year, and that’s because it’s Cybersecurity Awareness Month!
Of course, in all honesty, as much as we love our jobs, even cybersecurity awareness can’t really hold up against Halloween. But to be fair, one evening of trick-or-treating isn’t exactly the entire month either. Maybe the two can coexist peacefully in the same month together?
All joking aside though, you wouldn’t be wrong to question if we even need a cybersecurity awareness month. After all, the whole point of these various “awareness” periods, be they a day, week, or month, is simply to raise awareness about a situation and get people thinking about the topic. Do we really need a cybersecurity awareness month?
Well, actually, yes, and here’s why; most everyday users assume that anything remotely related to the computer is not their problem, but that assumption is flawed. IT departments are responsible for the health and well-being of computers and other devices that operate in their organization’s environment. In some places IT can also be responsible for training users on (usually specialized) software.
However, Hollywood has dramatically skewed the general public’s view on how hackers operate. Movies and television have given us the impression that attackers prefer to target hardware, but this is simply not true; in actuality, attackers will generally focus their efforts on people, trying to find ways to trick users into clicking a link or downloading a dangerous file. When successful (and it is more often than you’d think), tricking staff into doing something they otherwise shouldn’t allows the attack to bypass every technical defense and challenge the IT team has deployed as a defense. Why put in the effort to overcome a firewall when you can just send a couple of emails to convince someone that a customer has changed their banking information?
Nobody likes wasting their time, not even the bad guys, who are going to use whatever tactics offer the most rewards for the least effort. Furthermore, the burden of entry for email hacks is incredibly low. The only thing needed to launch an attack is an internet connection and access to a mail server. Moreover, depending on the server, an attacker’s connection doesn’t need to be very robust nor the mail server powerful. No significant technical skills are needed, just an understanding of email and people. It’s no wonder many attackers focus entirely on using email to do their business.
Which brings us back to cybersecurity awareness month, and it’s importance. There are simply still too many myths and poor preconceptions being perpetuated about the nature of cybersecurity, hackers’ tactics, and the role of IT teams and everyday users. So maybe take a few minutes this month while you’re putting up the spooky decorations and carving up pumpkins to review your own understanding and role in maintaining your business’s online security.
For this week I’ll take a line from Hamlet; “Give every man thine ear, but few thy voice; Take each man’s censure, but reserve thy judgment.”
If you’d like help reviewing your own cybersecurity protocols or training staff about proper cybersecurity standards, contact a TRINUS cybersecurity professional to get yourself some stress-free IT.
Be kind, courtesy your friendly neighbourhood cyber-man.