In 2004, the United States created Cybersecurity Awareness Month, an initiative designed to make Americans think about staying safe when using information technology. At the time the proclamation was made, the cyber threat environment looked rather tame when compared to what we see these days. However, the government was concerned about specific incidents such as the systematic defacement of New Zealand’s government websites, the warnings from enemies about their growing cyber warfare military units, and the proliferation of worms targeting Windows computers connected to the internet.
We have been at the forefront of the cybersecurity movement since before Cybersecurity Awareness Month was first observed. We love to educate our clients on the importance and tactics of cybersecurity.
How Far Have We Come?
There is no question that we have come a long way since the first Cybersecurity Awareness Month was observed in 2004. It almost seems as if the White House declaration emboldened hackers, because by 2005 we started seeing more advanced threats such as malicious spam, botnets, and Trojan attacks that directly aimed to steal online banking credentials. A couple of years later, it was clear that cybercrime groups realized that there was big money to be made through this trade; this is when hackers began to conduct their attacks in a business-like fashion, and they also focused on developing more sophisticated malware.
By 2015, the annual conferences held against the backdrop of Cybersecurity Awareness Month had shifted their focus towards ransomware attacks and the emerging Internet of Things (IoT). Spam and spyware progressed into phishing, and old-fashioned social engineering made a strong comeback. Cloud computing and the widespread adoption of mobile devices have greatly advanced efficiency at all levels, from personal to business and from scientific to governmental, but this has also resulted in a major widening of what is known as the attack surface, which is the sum of all the platforms hackers can use to compromise security.
Attack Vectors: The Basics
An attack vector is a vulnerable endpoint. In the field of information security, endpoints are devices that connect to networks through various internet connectivity protocols. Smartphones are endpoints, and the same can be said about cloud printers and even modern baby monitors with wireless connections that allow parents to check on their children from their smartphones. Even smart light bulbs that are controlled through mobile apps are endpoints.
As previously mentioned, hackers see all endpoints as potential attack vectors. A smart refrigerator can be used to breach a residential WiFi network, and this opens many other possibilities, particularly if someone in the targeted house gets a little work done from home by connecting to the office from a laptop.
During a recent symposium held in Schenectady at the Water’s Edge Lighthouse, state government officials and law enforcement agencies met with information security specialists as part of Cybersecurity Awareness Month. One of the many issues discussed was the pressing need for endpoint detection and response (EDR) systems for all networks that connect to the internet.
EDR is the new standard of information security; it aims to monitor every device that connects to a network, and it stands ready to react to cyber threats through two methods: automated mitigation processes and alerts.
Proactivity Over Prevention Is Key
Office networks can no longer be protected through preventative strategies. Computer science historians point to 2004 as the year when cybersecurity was forced to become proactive, and the turning point was the global propagation of the Sasser and MyDoom threats.
These worms infected desktop and laptop computers regardless of existing firewall and antivirus technology. The immediate fix was provided by executable files that required a certain download and installation sequence. This was the moment when IT security turned proactive, and Microsoft took action with its “Patch Tuesdays” initiative, which eventually turned into the automatic rolling releases of Windows security updates. Before the end of the year, and not coincidentally, the White House made its first Cybersecurity Awareness Month declaration.
The reactive nature of modern cybersecurity systems goes beyond EDR. At Novatech, many of our business clients require proactive and remote managed IT services because their IT departments are not set up to react to incidents on a 24-hour basis. Ransomware attacks are clear examples of IT security incidents that require EDR protection along with immediate reaction from a security operations center (SOC).
In the end, it is crucial for business owners to understand that the current state of cybersecurity calls for EDR + SOC solutions. If there is a single lesson to learn from Cybersecurity Awareness Month, it is that getting hacked is not something that can be fully prevented anymore; it is more a matter of when your business will be hacked, and whether you are prepared to react, mitigate, and recover accordingly.
We work with your team on a protection, mitigation and backup strategy that will help protect your company and its valuable data no matter what happens. If you want to learn more, give us a call today!