Haunted houses are everywhere in October. While you may see ghosts, zombies, or any manner of scary creatures as you explore the darkened, cobweb-lined hallways, what you won’t see are things you should be afraid of. Phishing scams, cyber-attacks, and other forms of malicious cyber activity are some of the real-life threats any of us could encounter at any time. We sat down with Tom Millar, senior advisor at the Cybersecurity and Infrastructure Security Agency (CISA), to learn more about real-life scary cyber stories and what we can do to avoid a starring role in one of these events.
Millar has been working with CISA before it was even called CISA. He has spent much of his career dealing with vulnerabilities and response coordination. One of the scariest stories he can recall is something that didn’t happen to him but is a true story – one that has had a lasting impact on his career.
“A ransomware response team was called in to deal with a case of ransomware and help with the recovery effort. They were trying to figure out what could be recovered and salvaged from the ransomware incident,” he said. “The company didn’t pay a ransom or get an encryption key. They just had to recover everything that was left.’”
Ultimately, after recovery, the company found out the ransomware had removed all evidence of what the bad actors had done in the network. “The reason this is a scary story to me is because even though they thought it was ransomware, it was actually an advanced threat actor trying to accomplish some other goal that we’re not completely clear on.”
Cyber attacks can happen to businesses of any size, and individuals aren’t immune, either. Millar had a few recommendations we can all take to keep ourselves safer.
“The number one thing I tell people is to make sure you’re not reusing passwords between sites,” Millar said. “If you reuse your passwords, bad guys love that. They use that to exploit various sites, to get into your iCloud account or something similar. Then the rest is smooth sailing for the attacker.”
“The next step is that wherever possible, if you have the option, to enable two factor authentication. Take advantage of those extra security layers to protect yourself and your accounts.”
His final tip is for cell phone users and anyone who uses an app. “Make sure you have enabled automatic updates . All your most important systems and applications should have an automatic update feature. We strongly encourage everybody to enable that wherever possible,” Millar said. “And if you can’t use automatic updates, make sure you’re still updating on a regular basis. Every time you use the application, check for an update before you run it.”
CISA offers several free cybersecurity resources to keep organizations and individuals aware of threats happening in the cyber world. Its Shields Up campaign offers advice and training in cybersecurity, and users can also subscribe to receive updates through alerts and security bulletins.
Keeping the cyber world more secure is a crucial part of CISA’s mission and you can be a part of it. See yourself in cyber by visiting their website to find the latest job openings.
SPONSORED CONTENT: This article is written on or behalf of our Sponsor.
