Education is half the battle against cybercrime.
A bipartisan group of members of the US House of Representatives has enacted a law to establish a cybersecurity education and public awareness campaign.
The Cybersecurity Literacy Act comes amid an increasing onslaught of cyber attacks. These include the headline-grabbing attacks on SolarWinds and Microsoft Exchange, as well as ransomware attacks like those on Colonial Pipeline and JBS USA.
Illinois Rep. Adam Kinzinger leads the cybersecurity literacy initiative. US representatives of both parties from Florida, California, Texas and Pennsylvania support the bill.
“As technology advances and becomes more complex, it is critical that everyone is aware of the risks of cyberattacks and how to mitigate these risks to personal safety,” said Kinzinger.
Preventing Successful Cyber Attacks
The legislation would oblige the National Telecommunications and Information Administration (NTIA) to launch a cybersecurity education campaign. It would help promote understanding of how to stay safe online and prevent successful cyberattacks.
It would also include lessons on how to identify malicious phishing emails, how to change passwords frequently, and how to use multifactor authentication (MFA) on sensitive accounts.
It would also highlight cyber risks that arise from, among other things, the use of publicly accessible Wi-Fi hotspots.
Rajiv Pimplaskar is Veridium’s Chief Revenue Officer. He said education is “half the battle and it’s great to see the NTIA launch a cyber-education campaign”.
“One of the key issues of awareness must be recognizing that a chain is as strong as its weakest link and starting a debate about the balance between safety and convenience and user-level choice,” he said. “Trained users will be more willing and ready to avoid complex, unwieldy, and easily abused passwords and instead choose new and better passwordless authentication methods.”
Authenticators like Phone-as-a-Token or FIDO2 security keys are more resistant to phishing attacks, Pimplaskar said.
Aside from the urgent need to improve security for individuals and organizations, increased user awareness and demand may encourage B2C and B2B companies to offer a wider range of such authenticators, which in turn reduces customer satisfaction and improves productivity, he said.
Everyone is a potential weak point
Joseph Carson is Chief Security Scientist and Consulting CISO at ThycoticCentrify.
“One of the biggest mistakes security professionals can make is assuming that other employees have the same understanding of good cyber hygiene as they do,” he said. “By assuming everyone is a potential walking security vulnerability, security teams can better implement proactive measures and training programs to alert employees – especially those with privileged credentials – to various security risks that can arise at any time.”
Password hygiene should always be part of employee training and cyber awareness training, Carson said.
“The average employee is not trained in cyber hygiene and best practices, making them easy prey for cybercriminals looking to access a company’s networks quickly and easily through phishing attacks or clever social engineering,” he said. “By ensuring that employees at all levels are adequately trained to spot malware-infected emails and other rudimentary attempts to steal credentials, this can be an important step in reducing the success rate of an attack, or at least providing an alert trigger. And by normalizing training within the work culture, companies can help keep these practices vigilant over the long term.”
Uncertain impact on the ransomware threat
Tim Wade is the Technical Director of Vectra’s CTO team. He said that heightened awareness certainly has its place on the consumer side of cybercrime. However, it’s not clear how much this alone will move the needle when businesses face the threat of ransomware.
“When all things are the same, behavior follows behavioral incentives,” he said. “So from an organizational perspective, if knowing how to act is part of the equation, responsibility for failure may very well be the other.”
Anurag Gurtu is the Chief Product Officer at StrikeReady. He said it is important to have a solid understanding of cybersecurity literacy in order to thwart cyberattacks. This includes the use of strong passwords and the use of two-factor authentication (2FA).
“You can train users to spot simple phishing attacks,” he said.
However, it is more difficult to detect sophisticated attacks, Gurtu said.
“Even so, there is no doubt that it is a positive step towards improvement,” he said. “Education always helps.”