Cyber attacks come in many forms, and the damage ranges from “all systems feel normal” to “the sky is falling” scenarios. One thing is certain: users at every access level, from system admins to end users and consumers, play a large role in whether a cyber attack succeeds or fails. In effect, what we do can increase or decrease the attack surface of the very computing environment we use for business, work, play, and leisure. In this article, we remind you of the small things that can introduce vulnerabilities which, if not corrected, have the potential to cause IT troubles we will never forget.
- “I have an antivirus, I’m secure”
There is no perfect antimalware software; virus detection will continue to be a hit-and-miss process. Today’s antimalware depends on two methods to detect a virus infection. The first is the antiquated signature system, in which a harmless sample portion of a piece of malware is hashed and the hash is listed in the virus detection database. Comparing the hashes of real malware against those of suspicious files gives a good indication that a file may be infected. The second method is behavioral monitoring, also known as heuristic scanning: the antimalware runs in the background and watches all running processes for misbehaving threads, processes and apps. Combining multiple antivirus engines into one scanner is an alternative, similar to the service offered by virustotal.com.
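The signature method described above can be shown in a few lines. This is an added example, not code from the original article: it assumes SHA-256 over the whole file content as a simplification, and the sample names and byte strings are constructed, harmless placeholders. It shows why the article calls hash matching hit and miss, and why it is paired with behavioral monitoring.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest of a byte string."""
    return hashlib.sha256(data).hexdigest()


# Constructed, harmless byte strings standing in for known-bad samples.
KNOWN_BAD_SAMPLES = {
    "Demo.Sample.A": b"CONSTRUCTED-HARMLESS-SAMPLE-A: not real malware",
    "Demo.Sample.B": b"CONSTRUCTED-HARMLESS-SAMPLE-B: not real malware",
}


def build_signature_db(samples):
    """Map each sample's digest to its detection name (the 'virus database')."""
    return {sha256_hex(body): name for name, body in samples.items()}


def scan(files, signature_db):
    """Return {filename: detection name, or None when no signature matches}."""
    return {
        fname: signature_db.get(sha256_hex(body))
        for fname, body in files.items()
    }


SIGNATURE_DB = build_signature_db(KNOWN_BAD_SAMPLES)

# Constructed files to scan.
FILES = {
    # Byte-for-byte copy of a listed sample: the hash matches (hit).
    "invoice.bin": KNOWN_BAD_SAMPLES["Demo.Sample.A"],
    # Same content plus one extra byte: the hash no longer matches (miss).
    "invoice_v2.bin": KNOWN_BAD_SAMPLES["Demo.Sample.A"] + b"\x00",
    # Unrelated benign content: no match, as expected.
    "notes.txt": b"meeting at 10am",
}

if __name__ == "__main__":
    for fname, verdict in scan(FILES, SIGNATURE_DB).items():
        print(f"{fname}: {verdict or 'no signature match'}")
```

A missing signature match is therefore not proof that a file is clean, only that it is not an exact copy of something already listed.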
- “Why should I update? Don’t fix what is not broken.”
The reality is that software updates literally “fix” the “broken” parts of the software from the standpoint of security. Users cannot determine whether the software they are using is free of bugs, and all software has them. Updates are issued by the software vendor as soon as they develop the code that will patch the problem. These same updates are also downloaded by hackers, who try to reverse-engineer the patch to determine which particular part of the software it fixes. Once the reverse-engineering is finished, they develop an attack that takes advantage of the flaw fixed by the patch. Not all computers are updated as soon as the vendor issues the update, and the time gap between update availability and update installation may be a week or more. That is enough time for hackers to unleash attacks built from the reverse-engineered patch.
- “I am a nobody, why should a hacker bother with me?”
Hackers cast a huge net to maximize the gain from their attacks. Hence the size of the target is never an issue, only the number of possible weak points in the security chain. One of these is unpatched software, as mentioned above.
- “Backing up is just a hassle”
Making regular copies of files to a separate device is the only effective way to minimize damage in a cyber attack event. A reliable backup enables people to return to their normal use of the computer, with all their files intact, at the soonest possible time. With the growth of cloud-based backup services, there is no valid argument for not having a reliable backup regimen.
- “I’m too lazy to think of a new password, I’ll just use password123 again for site X”
Recycling an old password is in itself a recipe for disaster; recycling an easy-to-guess password is an order of magnitude worse. People need to start using password management software such as KeePass to store their passwords in a safe, encrypted way.
These security myths should cease to be practiced globally. Hacking does not become possible overnight but through the creation of habits, which start with user complacency. Building cybersecurity awareness among users needs to take a top-down approach, as a company leadership that is unaware of it is huge trouble waiting to happen for any firm.