The Equifax hack. WannaCry ransomware. WikiLeaks — again. With all the news about state-sponsored ransomware, leaks of spy tools from US intelligence agencies, and campaign hacking, it’s hard to imagine that cyber security needs its own “awareness month.” Nonetheless, there is one, and it is very much needed.
October is National Cyber Security Awareness Month. The annual campaign is sponsored by the National Cyber Security Division (NCSD) within the Department of Homeland Security and the National Cyber Security Alliance (NCSA, a non-profit organization), and employs a variety of events, initiatives and resources to help the public and private sectors stay safe online, and to increase the resiliency of the U.S. in the event of a cyber incident.
Cyber Crime by the Numbers
The following statistics from the 2017 Cybercrime Report, sponsored by the Herjavec Group, attest to why the campaign is necessary:
Cyber theft is the fastest-growing crime in the U.S., and cost the global economy more than $450 billion in 2016, with more than 2 billion records stolen.
Global ransomware damage costs are predicted to exceed $5 billion in 2017, up from $325 million in 2015.
Every 40 seconds a business falls victim to a ransomware attack. Cybersecurity Ventures predicts that will rise to every 14 seconds by 2019.
The FBI estimates that the total amount of ransom payments approaches $1 billion annually.
The FBI’s Internet Crime Complaint Center reports the BEC (Business Email Compromise) scam has increased 1,300 percent in identified exposed losses, totaling over $3 billion, since Jan. 2015. Cisco put the total loss due to BEC from Oct. 2013 through Dec. 2016 at more than $5 billion.
Two out of three people have experienced a tech support scam in the previous 12 months, according to the Microsoft Digital Crimes Unit.
Cyber criminals are creating approximately 1.4 million phishing websites every month featuring fake pages that mimic the companies they’re spoofing.
The average size of distributed denial-of-service (DDoS) attacks is 4X larger than what cybercriminals were launching two years ago; more than 42 percent of DDoS incidents in 2017 exceed 50Gbps, up from 10 percent of cases in 2015.
It’s expected that newly reported zero-day exploits will rise from one-per-week in 2015 to one-per-day by 2021.
Internet users are the top target for cyber criminals, and it’s estimated there are currently 3.8 billion internet users (51 percent of the world’s population of 7 billion). By 2022, that number will likely reach 6 billion (75 percent of the projected world population of 8 billion).
Combat Insider Threats
While Homeland Security offers numerous suggestions for increasing cyber security awareness as part of its campaign, a good place to start is using that awareness to act against insider threats. This entails a combination of employee training, technologies and policies, and includes:
Incorporating insider threat awareness into periodic security training for all employees.
Implementing strict password and account management policies and practices.
Defining explicit security agreements for any cloud services, especially access restrictions and monitoring capabilities.
Ensuring that sensitive information is available to only those who require access to it.
Using a log correlation engine or security information and event management (SIEM) system to log, monitor, and audit employee actions.
Training employees to recognize common behavioral indicators among their colleagues. US-CERT has identified the following behavioral indicators of malicious threat activity:
Remotely accesses the network while on vacation, when sick, or at odd times during the day.
Works odd hours without authorization.
Unnecessarily copies material, especially if it is proprietary or classified.
Expresses interest in matters outside the scope of their duties.
Shows signs of drug or alcohol abuse, financial difficulties, gambling, illegal activities, poor mental health, or hostile behavior.
Ensuring there’s a plan in place for dealing with cybercrime, including cybercrime perpetrated by employees, vendors or other insiders. In addition to following your organization’s rules and regulations regarding cyber threats, take the following actions:
Report computer or network vulnerabilities to US-CERT via the hotline: 1-888-282-0870 or www.us-cert.gov.
Inform local law enforcement as appropriate.
Report stolen finances or identities and other cybercrimes to the Internet Crime Complaint Center at www.ic3.gov.
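The SIEM monitoring suggested above and the first two US-CERT behavioral indicators (remote access while on leave, access at odd hours) can be combined into a simple correlation rule. The following is an added illustration, not code from the article or from US-CERT; the log format, user names, leave calendar and 08:00-18:00 business hours are all assumed.

```python
# Added example: a minimal correlation rule of the kind a SIEM would run over
# remote-access logs to surface two behavioural indicators: remote access on a
# day the user is on approved leave, and remote access outside business hours.
# The log format, users, leave calendar and business hours are constructed.
import re
from datetime import datetime, date

# Constructed VPN log lines in a simple syslog-like format (not real data).
SAMPLE_LOGS = """\
2017-10-03T09:12:44 vpn01 session-start user=alice src=203.0.113.7
2017-10-03T23:41:02 vpn01 session-start user=bob src=198.51.100.22
2017-10-07T11:05:10 vpn01 session-start user=carol src=192.0.2.15
2017-10-04T10:30:00 vpn01 session-start user=alice src=203.0.113.7
2017-10-04T10:35:00 vpn01 session-end user=alice src=203.0.113.7
"""

# Constructed HR leave calendar: user -> set of dates on approved leave.
ON_LEAVE = {"alice": {date(2017, 10, 4)}}

LINE_RE = re.compile(r"^(?P<ts>\S+) \S+ session-start user=(?P<user>\S+) src=(?P<src>\S+)$")
WORK_START, WORK_END = 8, 18  # assumed business hours, 08:00-18:00 local time

def classify(ts: datetime, user: str) -> list:
    """Return the indicator names that a session start at `ts` by `user` matches."""
    hits = []
    if ts.date() in ON_LEAVE.get(user, set()):
        hits.append("access-while-on-leave")
    # weekday() >= 5 is Saturday or Sunday; otherwise check the hour window
    if ts.weekday() >= 5 or not (WORK_START <= ts.hour < WORK_END):
        hits.append("off-hours-access")
    return hits

def find_indicators(log_text: str) -> list:
    """Scan session-start events; return (timestamp, user, [indicators]) for matches."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:  # session-end and malformed lines are ignored
            continue
        ts = datetime.fromisoformat(m["ts"])
        hits = classify(ts, m["user"])
        if hits:
            findings.append((m["ts"], m["user"], hits))
    return findings

if __name__ == "__main__":
    for ts, user, hits in find_indicators(SAMPLE_LOGS):
        print(f"{ts} {user}: {', '.join(hits)}")
```

In a real deployment the leave calendar would come from the HR system and the business-hours window from each user's local time zone, and a hit would open a ticket for review rather than act as proof of wrongdoing.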