Government
Physical Security vs. Online Security: Why Both Matter
To start our introduction, let’s look at a few key incidents taking place over the last decade or so:
• Iran engaged in a multi-year, global DNS hijacking campaign targeting telecommunications and internet infrastructure providers, as well as government entities in the Middle East, Europe and North America.
• The U.S. Democratic National Committee was targeted by Russian hackers in the weeks following the 2018 midterm elections
• U.S. prosecutors unsealed two indictments against Huawei and its CFO Meng Wanzhou, alleging crimes ranging from wire and bank fraud to obstruction of justice and conspiracy to steal trade secrets.
• Former U.S. intelligence personnel were working for the UAE to help the country hack into the phones of activists, diplomats and foreign government officials.
• The U.S. Department of Justice announced an operation to disrupt a North Korean botnet used to target companies in the media, aerospace, financial and critical infrastructure sectors.
(Above information quoted from the Center for Strategic & International Studies: Significant Cyber Incidents)
What do all of these incidents have in common?
Every single one represents a major cyber attack against U.S. government agencies and personnel, defense and high tech companies, and economic entities with financial losses sustained in excess of $1 million.
And it’s only the tip of the iceberg.
Understanding Cyber Threats
Cyber threats take the form of online attacks against our data by targeting the devices our data is stored and shared on. Databases, computers, smartphones…
As you can see from the stats quoted above, cyber attacks are very serious occurrences, which can – and do – lead to electrical blackouts, national security breaches and military equipment failure.
Gartner elaborates: “Cybersecurity risks pervade every organization and aren’t always under IT’s direct control. Business leaders are forging ahead with their digital business initiatives, and those leaders are making technology-related risk choices every day.”
What makes this quote exceptionally worrisome is, despite data security solutions abounding, the 2018 Hiscox Cyber Readiness Report shows 70% of U.S. businesses are wholly unprepared to respond to a cyber attack. For a nation so paranoid about cybersecurity threats, this is a shocking statistic.
[wps_products_gallery product_id=”4333909639219, 4347618066483, 4334000767027″]
Static Threat
Millions of online security threats emerge every year. Most of them fall under the 10 most common cyber threat types:
• Malware
• Phishing
• Spear Phishing
• “Man in the Middle” (MitM) Attacks
• Trojans
• Ransomware
• IoT Device Attacks
• Data Breaches
• Mobile App Malware
• Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks
To read more about these and other common cybersecurity threats, visit 17 Types of Cyber Attacks To Secure Your Company From in 2019.
This might seem like a small list, but it’s constantly being expanded. Even those remaining common aren’t remaining the same – they’re getting increasingly potent.
A good example are Advanced Persistent Threats (APTs), which “burrow into networks and maintain ‘persistence’ – a connection that can’t be stopped simply by software updates or rebooting a computer” (Business Insider). APTs are one example of cyber threats being expanded to fit in with modern-day changes.
How Online Security Overlaps Physical Security
Remember when we mentioned military equipment, government agencies and high tech defense companies are among the most common targets of cyber attacks?
Imagine this scenario: after months of specialized targeting, hackers infiltrate the U.S. national power grid and shut it down.
At the same time, data stolen through cyber attacks against universities allow a hostile state to successfully replicate and launch advanced U.S. military technology.
These efforts are funded covertly through millions of dollars stolen by financial hackers, and are used to strike when the sensitive information gained through insider-infiltration disarms our defense systems and other infrastructures.
While it’s an entirely hypothetical scenario at this point, if the pieces come together in the right way, even if entirely independent of each other in their execution, our physical security will be severely undermined by a lack of appropriate online security.
Takeaway
While there’s a realistic fear of cybersecurity threats, it’s clear most American individuals and businesses are wholly unprepared. It’s time to change this.
The following resources will help you better protect your personal and business devices against online security breaches:
• How to Conduct an Internal Security Audit in 5 Simple, Inexpensive Steps
• 10 Best Hardware Firewalls for Home and Small Business Networks (2019)
• 7 Best Security Software for Small Businesses (2019 List)
• 7 Ways to Recognize a Phishing Email
• Top 10 Password Policies and Best Practices for System Administrators
• Two Factor Authentication – the Two Simplest and Best Ways to Enable it for WordPress
• Install an SSL Certificate on a Domain (cPanel)
• How to Install SSL Certificate for a Domain in Plesk