Cyber threats are everywhere these days — just check your spam folder.
But by now, most of us know not to click on links from random emails and other phishing attacks. But these days, that’s low-level hacking.
So how prepared are you?
First off, it’s important to remember not all hackers have the same capabilities, but how big of a target you are also depends on a lot of different things.
“A basement-level hacker is not going to be able to do the really sophisticated operations that a nation-state actor would be able to do. And that’s reflected in their tradecraft,” said Charles Harry, director for the Center for the Governance of Technology and Systems at the University of Maryland.
“And so that’s the first thing people need to understand is that if you’re just kind of an individual, and you’re worried about your own personal cybersecurity, you’re probably going to be facing a different threat actor than if you work for an organization that has a real interest to a nation state. So the level of sophistication changes quite dramatically. And so that’s something that a lot of people fail to understand.”
For most people, having a strong and unique password and avoiding those spam links is enough, at least most of the time. But if you work for a government agency, or your company does a lot of work with the federal government, that increases your vulnerabilities, especially if you work from home.
“If they’ve enabled you to work remotely, they probably have given you access to their VPN services and other ways to get directly to that company’s network,” Harry. said.
“You have to be very careful about using your work computer, or your personal computer at home, because you might actually be the way into the corporate network. And that’s one of the reasons why IT administrators are so concerned about remote access.”
Smart devices, even printers connected to your Wi-Fi, are also potential openings.
“You can find an awful lot of printers that don’t have default password or don’t have passwords, or they have the default password enabled,” Harry said.
“And a lot of those lists of default passwords … are freely available on the internet” via a simple Google search. “You’re going to find lists on the open internet that basically associates a particular printer type with default username passwords.”
“I can walk in right through the front of your network just by going through your printer,” he added.
The most sophisticated hackers — often associated with spy agencies — also love LinkedIn. Some might even pretend to want to offer you a better job than the one you have.
“It’s a great resource for hackers to learn all about your company, who works at your company, and that becomes part of the what we will call the reconnaissance process of hacking,” Harry said.
“For instance, if I’m interested in going after … a significant defense contractor, because I’m interested in the work they’re doing for the for the U.S. Department of Defense, then all I have to do is go to LinkedIn, type in the name of that organization, and I’m going to generate lists and lists and lists and people who have associated themselves with that organization because they have a job there.”
He added that as a hacker, “If I’m looking to understand who are people that I can send a malicious email to, or that I might be able to compromise through other social engineering techniques, LinkedIn has gave me a really nice list of people that I can start with.”
But ultimately, he said, most people are vigilant enough.
“While … being cautious, there’s not really a reason to be fearful being online,” he said. “Just be mindful.”
Get breaking news and daily headlines delivered to your email inbox by signing up here.
© 2024 WTOP. All Rights Reserved. This website is not intended for users located within the European Economic Area.
