SANS OUCH! for December: Yes, You Are A Target
Many people mistakenly believe they are not a target for cyber attackers: that they, their systems, or accounts do not have any value. This could not be further from the truth. If you use technology in anyway, at work or at home, trust us - you have value to the bad guys. But, you are in luck. You already have the best defense there is against these cyber attacks - you.
Cyber Criminals: These guys are out to make as much money as possible. What makes the Internet so valuable to them is they can now easily target everyone in the world with just the push of a button. And there are A LOT of ways they can make money from you. Examples include stealing money from your bank or retirement accounts, creating a credit card in your name and sending you the bill, using your computer to hack other people, or hacking your social media or gaming accounts and selling them to other criminals. The list is almost endless how bad guys can make money off you. There are hundreds of thousands of these bad guys who wake up each morning with the goal of hacking as many people as possible every single day, including you.
Targeted Attackers: These are highly trained cyber attackers, often working for governments, criminal syndicates, or competitors targeting you at work. You may feel your job would not attract much attention, but you would be very surprised.
- The information you handle at work has tremendous value to different companies or governments.
- Targeted attackers may target you at work not because they want to hack you, but to use you to hack one of your co-workers or other systems.
- These types of attackers may target you at work because of what other companies you work or partner with.
I Have Anti-Virus, I’m Safe
Okay, so I’m a target, not a problem. I’ll just install anti-virus and a firewall on my computer and I’m protected, right? Well unfortunately, no. Many people feel if they install some security tools then they are secure. Unfortunately, that is not entirely true. Cyber attackers continue to get better and better, and many of their attack methods now easily bypass security technologies. For example, they often create special malware that your antivirus cannot detect. They bypass your email filters with a customized phishing attack or call you on the phone and trick or scam you out of your credit card, money, or password. Technology plays an important role in protecting you, but ultimately you are the best defense.
Fortunately, being secure is not that hard; ultimately common sense and some basic behaviors are your best defense. If you get an email, message, or phone call that is extremely urgent, odd, or suspicious, it may be an attack. To ensure your computers and devices are secure, keep them current and enable automatic updating. Finally, use a strong, unique passphrase for each of your accounts. Staying cyber-aware is ultimately your best defense. Not sure where to start? Consider subscribing to the monthly OUCH! newsletter at sans.org/ouch.
View and download this and earlier OUCH! articles from