EYE ON SECURITY
By Brian Tuley, IT Manager, City of Edmonds
Hardly a week goes by without news of another computer security breach. Cyber criminals continually adjusting attack methods in attempt to circumnavigate security.
In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw.
One of the current and quickly accelerating trends for computer attack is the use of “Phishing”.
Phishing is a form of social engineering in which a message, typically an email, with a malicious attachment or link is sent to a victim with the intent of tricking the recipient to open an attachment. Open the attachment or click the link, and you’re compromised! Compromise can include things criminal do is take over your computer, watch you with your web cam and microphone (cyber stalking), encrypt all your data demanding payment to retrieve it (that’s called ransomeware), record all your keystrokes so when you log into any banking site (known as a key-logger) the hacker has your account information; some exploited vulnerabilities and can literally, watch you via your webcam, know where you surf, and collect your passwords – it’s pretty scary stuff…
How do you defend against these types of attacks?
- Backup your data!! If it gets encrypted, you can restore from backups
- Keep your antivirus up to date
- Make sure your email provider has a spam guard
- Never, ever open an attachment or click a link in an email unless you are explicitly expecting that message from a trusted source.
- Be aware and pay attention
Most importantly, education goes a long way. To support staff in fostering security awareness, Edmonds is implementing a security and awareness training program. The program will help educate computer users on what to be on the lookout for when it comes to potential attacks. This program assesses vulnerabilities using simulates attracts, measures weakness, follows up with training, then re-assesses vulnerabilities. No environment can be 100% breach proof. The goal is to minimize risk and exposure. These strategies combined with hardware and software based risk detection, avoidance and remediation represent a modern approach to securing any infrastructure and keeping City systems safe.