It’s Cybersecurity Awareness Month, and there’s plenty to worry about. Hackers are busy finding ways to exploit mobile, Big Data, the Internet of Things, and the cloud. And as vulnerabilities are patched, cybercriminals are shifting from quick attacks to stealthier long-term information gathering. Some 110 million people–half of American adults—have had their data exposed in the past year, according to Mcafee’s annual threats report. And an increasing number of cybercriminals are affiliated with governments and organized crime.
“Everyone should be worried—the general populace, innovators and engineers, CIOs and CTOs, the governments,” said CSULB computer science professor Mehrdad Aliasgari, an expert on computer security. “The number of attacks and threats that have been exploited have increased in a substantial manner. There’s more and more news of compromises on a daily basis than there used to be.”
Aliasgari said the level of required protection depends upon your role. On an individual level, we need to protect our social security and credit card numbers. But seemingly insignificant pieces of data, such as listing your birthday or pets’ and family members’ names on a Facebook page, can enable attackers to guess passwords or orchestrate social engineering attacks.
“For sure we know that there are folks who want to get their hands on your data,” he said. “The general population has been inadequately exposed to cybersecurity education. The attacks are taking advantage of that. They’re winning right now.”
Companies should be motivated to do their part to keep data out of attackers’ hands. If a company suffers an attack, it not only negatively affects their reputation, but companies lose money both from thieves and from loss of loyal customers.
“The federal government woke up after the Target attack,” said Aliasgari, adding that he doesn’t see government regulation as a likely solution. “You don’t need someone to tell you not to leave your wallet on the bus. The same applies to your digital life.”
Aliasgari would like to see more engineers well-versed in security. Typically, only computer engineering and computer science students take information security classes. And even in that discipline, there’s a tendency for security to be an afterthought when creating a new device or process. “That’s the worst thing—once you’ve built it, there’s not much room for security,” he said.
Opening suspicious emails remains one of the top ways to infect computers. But online ads are an increasing threat, with more than one-third of them carrying malware. Aliasgari said privacy is routinely violated in the age of context-aware ads, which gather consumer information in order to serve up potentially appealing ads.
Above all, protecting your device is essential. “You have to treat your personal devices like your children. They need to be protected,” he said.
One thing to bear in mind, is that if ads and social media platforms can track you, so can the hackers. And while public Wi-Fi might be useful for catching up on news, it’s not safe for financial transactions. “It’s not OK to go to Starbucks and log into your bank,” Aliasgari said.
Sponsored by the US Department of Homeland Security, National Cyber Security Alliance, and the Multi-State Information Sharing and Analysis Center, National Cyber Security Awareness Month was established by President Obama in 2004 to highlight awareness of the importance of cybersecurity.
In our increasingly connected world, the U.S. Department of Homeland Security stresses that no country, industry, community, or individual is immune to cyber risks. Nations face constant cyber threats against critical infrastructure and the economy. Cybersecurity risks individuals’ finances, identity, and privacy. For more information, visit https://www.staysafeonline.org.