When we think of cybersecurity or information security, what comes to mind? Often people that are not familiar with the industry think of what they have seen in movies and TV shows: a criminal hunched over some code on a computer hacking websites like a ghost. It is not someone that we would be comfortable hanging around, a nerdy criminal that could destroy our lives at the touch of a key. This perspective of the problem with information security, it is too incredibly enigmatic for anyone to appreciate or understand. It is more than hackers that seek solely to cause us harm, even though that is how the news portrays them. In the next series of articles, we will discuss the various concepts of information security to break down that divide. To create a more secure society, the public needs to understand how to protect themselves online. We will pull back that curtain and expose cybersecurity for what it really is.
This first installation will serve as an introduction to the series and implore you to learn more about information security. Let us first discuss the ease at which your data and companies’ data can be stolen. In the introduction, we discussed the media’s portrayal of hackers and how they operate. In most breach incidents, it is not some hacker writing some complex to sneak past the safeguards put into place. In reality, 90 percent of cybersecurity breaches is a social engineering attack. In other words, phishing or spear-phishing is responsible for the attacks. These methods allow hackers to sneak past digital barriers with ease. For example, if a hacker wanted to phish for your banking password located on your computer, there are a couple of ways that they could do it. First, they could send you an email with a PDF that is a coupon to your favorite restaurant. It could have the same random email as you have seen before, but when you download the PDF it contains a virus that takes over your computer and lets them take control. The scariest part about this scheme is that anyone can do it. The program is pre-bundled with a particular operation software. In fact, it is so easy that a 9-year-old could complete it with ease, and often do. There are several ways that a social engineering attack could be coordinated, but that is a concept that will be discussed in later articles. It is not a complex attack that always has to be run by a skilled hacker, it can be a simple as running a program and letting it do the work for you.
Cybersecurity is not all bad, however, because there are good people in this fight against digital criminals. They look just like regular people, except they work behind the scenes to protect your data every day. To protect yourself, you must understand the basic ways that these hackers work and how to prevent them in their tracks. This series wil cover social engineering, the dark web, virus and worms, ransomware, IoT, Car Hacking, and much more. Stay tuned as we explore the world of cybersecurity.
Andrew Burnett is a student at St. Ambrose University where he studies Cyber Security and Criminal Justice. He is a CodePath Tech Fellow and Teacher’s Assistant.