"There is a time to take counsel of your fears," General George S. Patton once famously said. Halloween marks the end of National Cyber Security Awareness Month (NCSAM). Let’s make this the time to take counsel of the cyber security fears that keep us up at night.
We asked more than 250 business professionals from across the country to share their concerns. Their answers seem influenced by recent headlines, the pending election, and the coming shopping season.
Biggest concern for business: hackersMore than half (52 percent) of respondents pointed to foreign hackers and domestic "hacktivists" as the greatest threat to US businesses. Recent discoveries and headlines about Russian and Chinese hackers feed an already charged atmosphere heading into the November elections .
What we should worry about: insiders
Do malicious outsiders really pose the biggest IT risk to companies? Numerous data breach reports and studies indicate otherwise.
According to a recent study conducted by Ponemon Institute [PDF], negligent insiders are more than twice as likely to cause a data breach as external culprits. Biggest concern for consumers: identity theftHeading into the holiday shopping season, three of the top four cyber security worries for individuals who responded to the Authentic8 survey were related to criminals stealing their identity: identity theft (80 percent), credit cards theft (78 percent), and phishing (66 percent).
Even an emotionally charged topic like surveillance seems to be less of a concern for business professionals. 59 percent were concerned about privacy violations and only 33 percent worried about government surveillance.
What we should worry about: malware
ID theft or phishing are merely abstract concepts for many consumers. Such schemes are hard to spot, which is exactly why they are so successful.
Malware is what makes them all work. Cyber criminals rely on malicious software, such as password-stealing keyloggers, to pull off their scams and heists. Malware like Zeus or Dyre can steal banking usernames and passwords. Such stealthy programs can cause major data breaches that result in millions of credit cards being stolen over the course of months or years.
Most at risk: government, banks?60 percent of respondents think the government and banks are the biggest targets for hackers -- 30 percent see Government agencies, another 30 percent the Finance sector most at risk of a cyber attack.
Makes sense, doesn’t it? The government runs the country and controls vital information, and banks are where the money is, to paraphrase " Slick" Willie Sutton . The data breach at the federal Office of Personnel Management (OPM) alone affected more than 22 million federal employees and their families.
What we should worry about: healthcare and retail
Banks and government agencies make it increasingly difficult for hackers to infiltrate their IT. Because of the efforts required, healthcare organizations and retailers are a much more lucrative target.
That means that health insurance networks, hospitals, retail chains and restaurants are much more likely to experience major data breaches, with often devastating impact for patients, customers or patrons.
Highly visible consumer brands are frequently targeted by cyber crime syndicates, because they have access to the credit card information of tens of millions of people. Recent examples include Target and Wendy’s. Personal health information (PHI) stolen from healthcare providers can be used for medical identity theft and insurance fraud.
Such incidents can lead to financial losses for the victims, and even damage their health.
Victims of medical ID theft have to pay more than $ 13,000 on average to get their life back. Some are even denied medical care, due to unpaid bills run up by someone else in their name.
What can you do? Fight back based on facts, instead of fear.
Which brings us to the second part of the General Patton quote: "...and there is a time to never listen to any fear".
Now that Cyber Security Awareness Month is almost behind us, with ample opportunity to take counsel of our fears, let’s take action.
It’s okay to be scared on Halloween. But when working away at your computer, don’t listen to diffuse fears of data vampires lurking in the Dark Web, or digital zombies . Instead, push back Patton-style, based on the facts.
As pointed out earlier, the real threats are often mundane and overlooked. The good news is that they, unlike some bogeyman in the shadows, can be dealt with.
Professionals should take to heart the basics: upgrade your passwords , monitor your accounts, and keep your software up-to-date, especially your browser.
Photo Credit: ArtFamily / Shutterstock
Scott Petry has been using the cloud to disrupt the information security market for nearly 20 years. He founded Postini in 1999, which pioneered the cloud-delivered service model for email security and content compliance, effectively securing SMTP while remaining compatible with every existing mail service. In 2007, Postini was acquired by Google, where Scott remained as Director of Product Management for Google Enterprise to further adoption of the cloud. In 2010, he co-founded Authentic8 , a secure virtual browser solution designed to address the inherent lack of security in the protocols the world uses to access the web. Silo, its flagship product, executes in the cloud, providing isolation from web code while providing a full fidelity user experience.