Friday, April 19, 2024


Executive Viewpoint 2019 Prediction: Trace3 – A Back to Basics Focus on Security

How do you know where you are going unless you know where you have been? This simple phrase helps to narrow down the nebulous art of predicting the year to come. In preparing an article like this one, it helps to look back at headlines from the past year. 2018 was full of data breaches, breaking of social trust, and sale of personal information. The idea of looking towards the future is to do better. If we are unable to get a good view of the past, are we not doomed to repeat it in the future? Granted, this is a heavy concept at times, but for cybersecurity there is hope. We are at a tipping point in our cultures, governments, businesses, and the way we allow our information to be used by those we once trusted. The year 2019 will hold similar predictions as 2018 did. We are in for more breaches, theft of data, and persistent threats. The new year will not be all doom and gloom, however, as there are ways to help insulate and protect yourself and your business from what is to come.

Back to Basics

What are some of the basic cybersecurity protections to carry into the new year? Password management is the first line of defense in many attack scenarios. Adopting sound practices like multi-factor authentication, passphrase vs. complexity, and privileged password management should be at the top of the list to mitigate credential theft. A good rule of thumb to live by is if you haven’t changed your password on a site or application in a year, someone has that password. The logic behind good password management is to keep valid credentials out of the hands of attackers. The reason so many credential theft attacks are successful is that people reuse credentials on multiple sites. Don’t do that.

Defense-In-Depth

Defense in Depth has been made famous by the military. The simple rule is to layer your defenses and look for synergies between them. All aspects of security can be made better by following the principles of Defense in Depth. A simplistic way to look at defense in depth is to use two of something. Think a hardware firewall and a software firewall. Most individuals and organizations have at least this configuration. The trick is to make sure that both are configured and working together. You can apply this methodology to just about everything. Think of defense in depth as your plan B, in an active configuration.

Selective Use of Social Media

Trust in our social media over the past year has been broken. Our information is for sale, not only by those that steal it. We are experiencing an emerging trend where platforms feel entitled to the data we knowingly and unknowingly ingest into their platforms. Because of this, we are looking at a few options. One, we can accept that what we put on the internet is for everyone, regardless of assurances to privacy. Two, we limit what is appropriate for social media and leave profiles, pictures, browsing habits, and location information off social media. Three, we abandon social media altogether to demand sweeping changes. Remember, social media makes a living by allowing advertisers to target better and solicit you.

Overall, 2018 was like the year before it when looked at through the lens of a cybersecurity professional. Breaches still happened, social media wrongfully sold our information, and you probably didn’t change your password. Next year will have breaches. Social media outlets will be caught selling our information for advertisement revenue. Hopefully, you will look into a form of automated password management for yourself and your organization. Consider the impact of adopting a back to basics security approach. The fundamentals of any skill are often the most important. Defense in depth can bring a measure of additional security when attackers exploit a flaw in your first line of defense. Say what you will about the benefits of social media. It has drawn us closer together and driven a wedge between the facilitators and the consumers. Our information isn’t safe online, regardless of any assurances that have been made. Do yourself a favor and minimize the damage by being very selective about what is published for the rest of the world to see. Remember, just because you can put something in the cloud doesn’t mean it belongs there.

Trace3

Brad Bussie
Brad Bussie is the Principal Security Strategist at Trace3. He is an award-winning fifteen-year veteran of the information security industry. He holds an undergraduate degree in information systems security and an MBA in technology management. Brad possesses premier certifications from multiple vendors, including the CISSP from ISC2. He has a deep background architecting solutions for identity management, governance, recovery, migration, audit, and compliance. Brad has spoken at industry events around the globe and has helped commercial, federal, intelligence, and DoD customers solve complex security issues.
