I love Jeopardy. But the reality is, I hardly ever watch it. But, when I hear about someone on a hot streak like Ken Jennings or James Holzhauer, I tune in and watch the geniuses clean up.
When I heard about the GOAT (Greatest of All Time) Tournament, I went out of my way to set the DVR, so I wouldn’t miss the epic showdown. All in all, I wasn’t disappointed – except for one category. It proved to be a disappointing showing that is, unfortunately, a true representation of society’s knowledge… of cybersecurity.
While I was disheartened by the Mensa-level contestants’ showing in the category, I was finally able to beat out my wife in a category and felt like the smartest person in our house for about 60 seconds (even though deep down I know I’m not).
Not only was the showing bad, but the contestants knew so little about the topic that they didn’t even answer two of the questions!
Cybersecurity can be complicated, but these questions were fairly basic. It reminded me of how big the knowledge gap is on the topic and why we keep reading, seeing, and hearing of companies getting hacked on a daily basis.
I don’t believe this is a matter of wanting to learn more about this issue – we need to put effort into understanding the issue, just like we would into management/leadership techniques, sales strategy, or any other business skill.
These Jeopardy questions weren’t overly important topics to know, but let me show off at least a little here and maybe we can close the knowledge gap just a tiny bit…
“This type of hacker referred to by a colorful bit of headwear helpfully tests computer systems for vulnerability." (Incidentally, I thought this should have been one of the tougher questions in the category.)
What is, “White hat hacker”?
The term “hacker” is commonly associated with the bad guys, but in reality, that’s not the case. The bad guys are more specifically “black hat hackers” and are the opposite of white hat hackers.
White hat hackers are the ethical hackers, experts in compromising computer security systems, who use the vulnerabilities they find for good, ethical, and legal purposes rather than bad, unethical, criminal purposes. Penetration testers are a great example of this. When Avalon Cyber is hired to complete a penetration test, our white hat hackers (penetration testers) attempt to infiltrate a client’s network. Once they do, they document how they got in and provide a report to give insight into where the client’s network is weak, so they can harden that network.
Black hat hackers violate computer security for personal gain or out of pure malice. These are the hackers behind the ransomware attacks that you have likely seen in headlines across the world over the last few years.
“A website with a site certificate is one that uses encryption; this letter after HTTP is one sign of it.”
What is, “S”?
You may not even notice this, but when you visit a site, the beginning of that web address is either “HTTP” or “HTTPS.” And that is the difference between a website that sends everything in the clear and one that uses SSL (Secure Sockets Layer) to encrypt the communication between your device and the server that is hosting the website. It certainly doesn’t mean that the website is 100% safe, but I wouldn’t want to visit too many sites that don’t have the “S.” Perhaps, as a precaution, your company might even want to block sites that are not using SSL.
“Companies consider cybersecurity when instructing employees with a policy on BYOD, short for this.”
What is, “Bring Your Own Device”?
Every IT manager’s favorite topic: BYOD (not BYOB). This refers to employees using their own cell phones or even their own laptops at work. It is becoming more and more common for companies to adopt some sort of program allowing their employees to use their own devices in some capacity. But not enough companies have established a clear policy about how those devices can and should be used. What’s the big deal, you might ask? Here’s the gigantic, humongous, colossal deal: If a company’s IT department doesn’t own those devices, how can it be sure the latest security patches are installed or that there’s no malicious software present? Or what if an employee takes an infected device and connects it to the company’s network? We won’t even get into the legal issues surrounding who owns the data on those devices. It’s a messy scenario and one that can’t be ignored.
“A ransomware attack that encrypted 3,800 City of Atlanta computers demanded 6 of these digital items to unfreeze them.”
What are, “Bitcoins”?
There, in my opinion, is your 200-point question, not your 800-point question. If you haven’t heard of Bitcoin, then you probably don’t own a computer and aren’t even reading this blog. Bitcoin is a virtual currency that uses peer-to-peer technology to facilitate payments. Extraordinarily controversial, but many believe it is the future of world currency. Even some major banks have gotten into the cryptocurrency game. Depending on when these black hat hackers requested the six Bitcoins, Atlanta could have gotten off with a deal. Last year Bitcoin traded anywhere from about $3,300 per coin all the way up to $12,600 per coin. (BTW, stay tuned to Avalon Cyber for an upcoming blog about whether you should ever consider paying ransomware.)
“Beware of these types of programs that track every stroke you make while typing in an effort to glean your password.”
What is, “Keylogging”?
Keyloggers have been around for at least 20 years. These programs run in the background on your computer or network and log every keystroke a user makes. For example: Let’s say you open your browser, type in the website of your bank, and then type in your username and password to access your account. Guess who now knows where you bank and how to access your account? And it could be more than just your bank account. Maybe it’s your business’s accounting system, your HR system, etc. (I think you get the idea here.) This is a tool black hat hackers use once they get into your network to gain credentials to various systems. In a word, keylogging is BAD. To protect yourself from keyloggers, set up two-factor authentication (2FA), require your employees to create strong passwords and change them frequently, and make sure your system’s software is updated regularly.
So, there you have it: next time you’re a contestant on Jeopardy and the category of cybersecurity pops up, hopefully you’ll do better than the guys who were deemed the greatest of all time.
Want to brush up on even more cybersecurity knowledge? Avalon Cyber offers a wealth of blogs, white papers, case studies, videos, and webinars on the topic. Then, pass this info on to your employees, vendors, and stakeholders. Together, we can close that knowledge gap, ASAP.