The More Things Change, The More Things Stay The Same

By Will Pelgrin

Over the last 15 years we have seen much change in the cyber security arena.  For me one, of the most notable is cyber awareness. Internet users worldwide are more aware of the major cyber threats we all face.  Identity theft, financial fraud, cyber espionage, ransomware, and corporate and government breaches are common and all too frequent news stories.  Unless one has been living on a desert island, there isn’t a connected online person who hasn’t read about or been impacted by a cyber event.

The recent high-profile breaches of banks, retail companies, hospitals, major media outlets and government agencies are sobering reminders that cyber attacks are a real and present danger. The global impact on the economy, society and on a very personal level is staggering and, to many, devastating. Cyber crime has reached pandemic proportions and, therefore, requires an unparalleled response.

Sadly, in spite of the fact that we are much more cyber security aware, we are still not practicing the basic principles of good cyber hygiene. We know intellectually to have strong passwords, not to click on links from unknown or unfamiliar sources, and not to post too much information on social media – yet the many of us still do.

While 100% security does not exist, that doesn’t mean we do nothing 100% of the time. I recognize that many of the cyber breaches are outside our individual control. I have been a victim of a couple of the retail and health care breaches. No matter how good my personal cyber security practices are, nothing I did could have foiled those successful attacks. However, that does not mean I should give up. There are many things within our personal control that we can do to improve our cyber security posture. In fact, implementing a few basic yet critical security best practices will address a significant number of the known attack vectors.

Albert Einstein is widely credited with the saying that “the definition of insanity is doing the same thing repeatedly and expecting different results.” That definition could certainly apply to our global, collective cyber security habits: we keep repeating the same bad behaviors over and over, and yet we wonder why cyber crime is still growing. The key to being better secured will not be found in more technology — it’s in changing human behavior.

How many more incidents will it take for us to truly take action? Every time I read about a new breach, I think maybe this is the one that makes a difference and will create a movement for change. How many more identities need to be be stolen?  How much more money needs to be lost? How much more intellectual property needs to disappear?

There continues to exist an attitude, whether consciously or subconsciously, that we are not responsible to defend ourselves against cyber attacks – it is someone (anyone) else’s (banks, stores, governments) job to protect us. However, we need to take some responsibility for protecting ourselves.  The time to talk is over; it’s time that we institutionalize good basic cyber hygiene. It’s time for an action-oriented campaign to strongly promote good cyber practices. We must redouble our efforts to implement good cyber hygiene.  Fundamentals such as using and devising unique strong passwords, not reusing passwords at multiple web sites, avoiding phishing scams and requests to indiscriminately share Facebook posts and email chains, and being careful about links we click or attachments we open, all will go a long way toward improving our own personal cyber security posture.

We must ensure our systems, devices and applications are configured securely and updated regularly.  We are still seeing some organizations being infected by the Conficker worm — remember that one? — because they haven’t updated their systems or are running outdated antivirus protection.

We must make sure good cyber security is a focus of our daily routine – just like brushing teeth, buckling a seat belt, or eating healthy foods.

The good news…there is much we can do to better protect ourselves.  But we don’t have time to waste.  The time to act is right now; the next breach is right around the corner.

Just like the “Smokey the Bear” slogan that “only YOU can prevent forest fires,” we need a similar mantra for personal cyber security:

Only YOU can change YOUR behavior!
Get cyber healthy now!

The author, William Pelgrin, is Chairman of the Board of the Global Cyber Alliance.

You can follow him on Twitter @WilPel