Dwight Watt - Newspaper Article #478 10/30/2019

Question: What is the weakest link in cybersecurity?


Most people think the weakest area of cybersecurity is the machines. Actually about 60-75% of all attacks on computers occur because of something humans did or did not do.

Cybersecurity if the security of computers and networks. You hear almost daily in popular media and lots of times during days in the cybersecurity media of hacks, breaches, theft of data and destruction of data. These can range from people just got in places they should not have to ransom wear attacks to huge amounts of private data stolen.

No matter how well a network and machine security system you have, if people let threat actors in the computer of network, the protections don’t work.

How do humans let threat actors (those who are attacking networks and computers in any way) get in the network or computer?

Passwords is a major one. This could be by you giving threat actors your password that lets them access your account and then do more probing. This could be by simply responding to spam emails about “security problems” or telling them with phone phishing calls. Your bank and any other security group with your account will not ask you for your password. They have the ability to get in anything.

Second is also passwords. When you get a wireless device or wireless switch, change the password on the device. This includes Alexa and small devices all over that connect wirelessly including toasters, doorbells, etc. In the directions that come with the device (or you can look your device up on the network and get the directions) you can see how to change from the default password. By default, most of these are admin or password. You could create a different account with admin rights and delete the default admin account to make securer. Record the password somewhere, but f you lose it, you can still get back in the device by doing the reset. Now the threat actor that gets to your device cannot get in and divert traffic, listen to traffic, etc. and steal other data and passwords.

Should surfing is another way where people watch you type in a password and now know it.

Using the same password for all your accounts is also a problem. If a company you have an account with is breached and usernames (often email addresses) and passwords are stolen, they can now try those combinations elsewhere and you (yes anyone) can buy these files on the dark web. If you get an email from someone that shows a password and says pay up or they will release stuff they saw with your camera and watched you do on computer, they probably have not. One, if your computer has a camera (most laptops do) you can keep the camera covered when not using and if they had been in, they have a black recording. A popular give-away now is a little piece you put over the camera lens and it slides open and closed. If it is a password you use now, change it everywhere you use. I get those emails and the password they give is one I last used over 10 years ago.

Picking up USB drives laying in parking lot and plugging in PC may put malware on PC that allows them access.

Be careful and make your link in the cybersecurity chain stronger.