I was struck this morning to read a post on a Cyber Security forum with a link stating the “Super Bowl was Hacked!” Clicking on the link lead to this write up and picture. I can’t think of better visualization of the need for basic cyber hygiene. The cyber security industry kills many trees and wastes much bandwidth on discussions of cyber offensive and defensive strategies. Yet, if we can’t practice basic cyber hygiene, what is the point?
The UK Cabinet estimated that as much of 80 percent of cyber crime can be prevented with basic cyber hygiene. While that figure is pretty much a wild guess, its also likely very much accurate. We know very little about the basics of computer protection. Ask yourself, when is the last time you changed your password? Do you know what you are agreeing to when you given an app permission for access? Have you checked to see what programs are draining power on your laptop and communicating with external computers? The answer is likely no to all these questions.
Peter Singer defines basic cyber hygiene pretty well in a recent interview:
“If you follow what’s essentially known as cyber hygiene, very basic things in terms of having good passwords, changing them, not putting unknown equipment into your system, not clicking on links that common sense should tell you not to- your sister asking you for your bank account number when she somehow needs this when she’s in Iceland, and your sister doesn’t live in Iceland. And let me be clear, these things to protect yourself, this basic cyber hygiene, they would work on many of the national levels.”
I agree with Singer and will add emphasis on the point that there are basic things we need to be aware of before we jump to conclusions about vulnerabilities in cyberspace. Who is at fault if a foreign government obtains secrets? Is it the foreign government or maybe is it not the problem of the target in that they basically just left all their information in a place that was accessible externally?
In 2011, the British MOD called for basic cyber hygiene, but those in the cyber security industry can attest to how infrequently this concept is discussed. We spend time speaking of cyber Pearl Harbor, cyber Armageddon, the coming era of cyber espionage, the coming cyber war, but often fail even educate the public on the first step taken in order to shore up cyberspace. Don’t give your password away on national TV during the Super Bowl! That would be a good first step.