“It won’t happen to me.”
When it comes to cybercrime, this is the most common myth. It’s also the most dangerous myth.
That’s because the evidence tells us otherwise. Statistical research says that at least 18 people are victims of cybercrime per second. That means that in the time it takes you to read this article, about 5,400 more people will have been the victim of cybercrime.
That adds up to about 1.5 million people per day, or 556 million people per year. That’s a startling number – and we’re not even talking about the financial losses.
Do you still believe cybercrime won’t happen to you?
We understand. After all, the headlines about cybercrime are usually all about big hacks on big organizations. We were all stunned to read about the 2016 ransomware breach on Hollywood Presbyterian Medical Center. The hospital was forced to pay $17,000 in bitcoins to have its records unfrozen. Other big names that have made headlines include Sony, Yahoo, the IRS, and the U.S. military. With headlines like these, it seems obvious that thieves only go for the largest organizations to cause the most noise.
But the reality is a different story: Thieves like low-hanging fruit. So most thieves go where the pickings are easiest. And if you assume cybercrime won’t happen to you, then you’re an easy target.
The truth is that thieves go for easy targets who have little or no deterrents in place.
For example, let’s take a look at some facts about home theft.
You may be surprised to learn that most crime doesn’t happen in the largest homes or highest-income areas. In fact, 75 percent of burglars target middle- and low-income neighborhoods. And 60 percent of them prefer to operate without forced entry. They simply wait until they think a house is unoccupied to enter through an unlocked door or window.
Burglars avoid the homes with deterrents like security alarms, security cameras, motion-activated lights, safes for valuables, and noisy dogs. But deterrents don’t have to be expensive or sophisticated to work. Evidence shows that simple scare tactics such as door locks, fake alarm company signs, an effective community watch group, and even a dog bowl on the front porch can dissuade most potential burglars.
Now let’s consider how these facts relate to cybercrime.
Like home burglars, most cyber thieves aren’t targeting large companies with sophisticated security systems. They go for the smaller, unsuspecting individuals or companies that have little or no deterrents in place. The mere existence of cybersecurity deterrents can be enough to prevent theft.
So how can you make sure you’re not an easy target?
Your starting point is a security assessment.
Did you know that most police departments provide a security assessment of your home? You can request that they visit your home, check out the perimeter and interior, and make recommendations for improvement.
The same goes for your cybersecurity. You can request an assessment from a reputable cyber firm to check your areas of weakness and make recommendations for cyber resiliency. A thorough assessment should review these four key deterrents:
▪ Credentials access assessment
This is the equivalent of making sure your home is always occupied. This assessment checks for unused active accounts and computers that pose a severe risk as they can be used as backdoors for data exfiltration.
▪ Excessive privileged permissions
This is like making sure your doors can only be opened by family members. It tests how well you’re implementing the “principle of least privilege.” Failure to do so has proven to be a major contributor to data breaches and data theft.
▪ System policies
This is your virtual alarm system. It tests system policies to ensure that security standards are enforced against a possible breach.
▪ Password and account settings
This is like ensuring that the safe where your valuables are stored is tamper-proof. It checks that your settings are configured and hardened according to organizational security policies.
Your second step is real-time monitoring. Even with the best measures in place, cyber thieves can find a way to bypass firewalls. For example, they can use stolen credentials to log in with super privileges. They masquerade undetected as they steal what they want. That’s why it’s good cybersecurity discipline to regularly and proactively assess user identities and privileges. This additional protection hardens your system.
It’s a myth that cybercrime can’t happen to you. Cybercrime is rising at an alarming rate, and it can happen to anyone – including you. Get your cybersecurity assessment this year to avoid becoming a statistic, and then keep thieves on their toes with real-time monitoring.
Umesh Verma is the award-winning CEO and driving force behind Blue Lance, the global provider of cybersecurity governance solutions. For more than 25 years, Blue Lance’s automated software solutions have been protecting digitally managed corporate assets by assessing, remediating, and monitoring security of information systems. Call Blue Lance at 1-800-856-2586 for your 25-point Access Rights Assessment, or get social with us on LinkedIn, Facebook, or Twitter.