As attackers evolve and exploit new vulnerabilities, organizations and private users alike must take great care to follow the above tips, and more before wading into the cyber battleground.
The best spies and cyber attackers embrace advances in technology to carry out traditional espionage goals. Cyber crime has followed the spy playbook. All attacks are now espionage, and to defeat the wave of continually evolving attacks, cyber security must think like a spyhunter.
“Espionage is the greatest threat to cyber defense because spies have evolved into hackers,” says cybersecurity expert and veteran FBI agent Eric O’Neill.
O’Neill is the FBI agent famous for capturing Robert Hanssen, one of the most notorious spies in U.S. history. The remarkable events behind Hanssen’s capture were the inspiration behind the film Breach, starring Ryan Phillippe as O’Neill. O’Neill’s sleuthing background provides him with an expertise in cyber security as well. Currently, Eric O’Neill runs The Georgetown Group, an investigative, security consultancy, where he specializes in counterintelligence operations and cyber security penetrations.
Just as O’Neill’s transition into the realm of cyber security should not be surprising, a spy’s transition into the world of cyber hacking should not come as a surprising either. “The best spies and cyber attackers embrace advances in technology to carry out traditional espionage goals. Cyber crime has followed the spy playbook. All attacks are now espionage, and to defeat the wave of continually evolving attacks, cyber security must think like a spyhunter,” says O’Neill.
So how can you and your organization think like a spy hunter?
Learn to detect phishing emails
In the last two years, the most critical and devastating cyber-attacks have started with targeted and well-researched attacks to compromise a single person through email phishing. The Russian breach of the DNC and Hillary’s campaign during the 2016 election is just one such example; DNC accounts were infiltrated through phishing. A phishing attack is highly personal, the phisher knows your name, your email address, and a little bit about your friends/colleagues or maybe a recent purchase that you made.
This type of cyber espionage requires a dedicated analysis and research of the target and leverages that information to bait a person into sharing confidential information and access to their account without their knowledge.The majority of phishing attacks can be avoided by exercising caution in clicking links and opening attachments.
Choose better passwords
When it comes to choosing passwords, we all have a tendency to recycle. That’s why the most popular passwords are also the ones easiest for online spies to guess. Experts suggest using passphrases, not passwords. Choose a phrase like your favorite lyric or quotation and make sure it’s 25 characters long. Also, Whenever possible, set up a two-factor authentication. When you log into an account with your username and password, the two-factor authentication will send a code via text message, or you may use an app on your mobile phone, to confirm your identity. Also, consider password manager apps and browser extensions that store your login information for all the websites you use and help you log into them automatically.
Protect against ransomware
Ransomware is a type of malware that prevents users from accessing their system until a ransom is paid, and it grew faster than any other malware attack in 2016. While most malware attacks targeted small and medium businesses in the healthcare, technology, and energy sectors, it was banking that took the next biggest hit—attacks grew by 218% for technology, by 112% for energy, and 93% in banking. Despite this, the majority of companies in the U.S. continue to ignore the problem. To safeguard against a ransomware attack, ensure that all critical data is regularly backed up in a secondary, secure, and offline location so that the files are not directly connected to a desktop system where the ransomware or an attacker can reach them.
Secure social media accounts
“Social media continues to serve spies,” says O’Neill. Mining social media accounts for freely offered information arms a spy seeking to launch a social engineering attack such as phishing. Intrinsic knowledge of a target, their goals, and likes, their relationships, and desires, is a foundational tenet of cyber espionage. Research that used to take meticulous time and effort to acquire can now be accessed with a glance at Facebook or through clever google searches. Careless friends and marketing hungry organizations, excited to share information, can throw even the most cautious and Internet savvy to the wolves. Taking care to use social media privacy settings and being judicious in the content you post can go a long way in protecting data.
A cyber hack can be catastrophic to any organization. According to the National Cyber Security Alliance, about 20% of small businesses are victims of a cyber attack, with 60% having to shut down their business less than 6 months after the attack. While many attacks can be mitigated or avoided by installing antivirus and anti-malware software, they cannot account for every attack, especially those targeted at a specific individual or organization.
As attackers evolve and exploit new vulnerabilities, organizations and private users alike must take great care to follow the above tips, and more before wading into the cyber battleground. “For this reason, complacency is the true enemy of cyber security,” says Eric O’Neill. “The best cyber security works like a spyhunter.”
DISCLAIMER: This article expresses my own ideas and opinions. Any information I have shared are from sources that I believe to be reliable and accurate. I did not receive any financial compensation in writing this post, nor do I own any shares in any company I’ve mentioned. I encourage any reader to do their own diligent research first before making any investment decisions.