Talking Security at Home, in the Office and In-Between

Recently, a member of the SIA Cybersecurity Advisory Board contributed to a roundup discussion in an independent supplement to USA Today, Talking Security at Home, in the Office and In-Between, produced by Mediaplanet in April 2016.

John Bartolac, Senior Manager, Industry Segments Team, North America Cyber Strategy, Axis Communications Inc.; Advisor, Security Industry Association (SIA) Cybersecurity Advisory Board, discussed cybersecurity concerns with the publication, which printed an edited version of his response due to space limitations. Here, the SIA Blog presents his full discussion.

What are some tips for readers to improve their network security?

There is no such thing as 100 percent secure systems. You can only make it more secure against threats. While it’s important to properly set up equipment on your network, it’s equally important to identify how the network is being used. Improving security is more a process than a product, so regular maintenance and updates are key to protecting against newer and evolving threats.

More than 90 percent of successful network breaches are due to poor configuration, poor maintenance and user mistakes.

Protection is different for an individual consumer versus a large corporation, but there are some basic things any user can do to improve network security:

• Change equipment default passwords.
• Use strong passwords that include numbers and symbols.
• If your network is compatible, set it up to utilize HTTPS for more secure communication and authentication across your network.
• Enable a firewall to protect against outside access to your programs.
• Regularly backup your settings and data to an external, removable hard drive or to the cloud.
• Regularly update programs and equipment firmware for the latest protection from the manufacturers.

With internet-users getting younger and younger, what are some standard guidelines that parents can implement when discussing internet safety with their kids?

This is a challenge because we don’t know what we don’t know. Some guidelines to consider would be to discuss the risks associated with e-mails from unknown sources and pop-up ads/links. Younger kids, and everyone for that matter, need to know that these unsolicited e-mails and links can be a veiled disguise for a phishing attack. Once opened or clicked on, these become an accepted communication that can infect your system with malware designed to either cripple your network or sift off your data without your knowledge. Forced pop-ups leave the user with no choice but to click on the ad. In this case, the easiest thing to do is simply close down the program or do a complete restart of the system. Using malware software and tools can help protect against these forms of attacks.

I would also add the importance of teaching younger users how to investigate if they receive something from an unknown source. It’s easy to go to a search engine, type in information about the unknown content and get results from others who can either validate or de-bunk it. Overall, the key is for parents to talk regularly with their children about using the Internet and sharing tips for diligence when online.

What are some motives behind identity theft?

There are many motives, but it often depends on who the thief or thieves are. Individuals stealing identities and associated data are out for quick, short-term monetary gains and tend to be more opportunistic. Very rarely does the individual thief seek to actually assume the full identity of the victim.

In comparison, more organized attempts at identity theft come from highly skilled individuals or organized crime entities, who also seek monetary gains, but on a larger scale and in a serial manner. It’s more of an occupation. Organized attempts tend to be laser focused at gaining large amounts of data, which can be sold to others for their own use or to cripple an organization. In recent months, we’ve even seen more organized theft of data and unauthorized access to an organization’s network used as an attempt to extort money from the victim(s).

What is the future of cybersecurity? What’s next?

While it’s impossible to predict the future, we do know technology is advancing at an ever increasing pace. Think about the past 5 years alone and how smartphones, tablets and mobile hotspots are all used today. The hunger for more technology and more applications will undoubtedly bring increased pressure on diligence against cyberthreats.

Consider the Internet of Things (IoT) where devices, vehicles, building systems and other items that utilize and implement technology, software and other types of sensors, are all done over the network. The direct integration of the physical world into network-based systems creates new levels and types of security challenges. Compound that with the growth of technology in emerging markets globally and you can only imagine the challenges when it comes to cybersecurity.

The one constant is diligence. Remain diligent in what you implement and how you implement it, and ensure that you regularly watch for newer threats and vulnerabilities. The development of the Common Vulnerabilities and Exposures (CVE) database is one example we have seen to help protect against threats in a more proactive manner. Managed by the MITRE Corporation, the CVE (https://cve.mitre.org/index.html) is a dictionary of publicly known information security vulnerabilities and exposures. CVE’s common identifiers enable data exchange between security products and provide a baseline index point for users in evaluating and updating their tools and services.

For more resources from the SIA Cybersecurity Advisory Board, visit the SIA Cybersecurity page at https://www.securityindustry.org/cybersecurity.

The views and opinions expressed in guest posts and/or profiles are those of the authors or sources and do not necessarily reflect the official policy or position of the Security Industry Association (SIA).