
What the Hack!

Colonial Pipeline was not alone in getting hacked this year. I was too! Were you? Victims of security or data breaches are widespread and they include small businesses and non-profit organizations.

 

A RAND Corporation¹ report from a couple of years ago showed that 64 million Americans recall having received notice of a breach within the 12-month period prior to the survey. Moreover, 36 million received two or more notifications. I was in that group!

 

According to Statista, there were 1001 cases of data breaches in the United States in 2020, while the number of individuals who encountered data leaks or exposures came close to 156 million.

Over the past six months, network security vulnerabilities were reported in SolarWinds’ Orion, Microsoft’s Exchange email program, and a water treatment plant in Oldsmar, Florida.

 

While this piece was in the making, JBS (the largest global meat supplier to countries on six continents), whose Swift brand and Blue Ribbon Angus Beef are sold in numerous grocers and wholesale retailers, including Winn-Dixie, Food Lion, Costco, and BJ’s, encountered a cyberattack. This not only shut down meat plants in the U.S. and abroad, but cattle farmers now hint at beefing up prices to 5% in the coming months!

 

Considering that JBS also distributes to restaurants, such as J. Alexander’s, The Village Tavern, The Cheesecake Factory, Johnny Rockets, Duffy’s, Subway, Pizza Hut, Burger King, McDonald’s and Wendy’s, to name a few, we can all expect a dent in our savings for eating out.

 

In the wake of cybersecurity concerns, companies (including government agencies) that touted cyber best practices are reevaluating their IT infrastructure. Although there doesn’t seem to be a fail-safe procedure or protocol that can fully protect us from prolific cybercriminals, we can always work toward improvement. 😉

Cybercriminals tend to focus on five industries: energy, government, healthcare, higher education, and small businesses. Exploiting vulnerabilities is the alpha and omega of a hacker’s day. As their methods change, the approach to cybersecurity must also be adjusted.

 

Take the healthcare industry. There is an increasing number of medical implants with wireless functionality that can be programmed, controlled and recharged, without the need of wires or surgery. Cybersecurity experts warn about network weaknesses that can be exploited by hackers who can tamper with medical devices, like a pacemaker or brain implants used in treating Parkinson’s, Tourette’s, OCD, and other neurological conditions.

 

In late 2019, the U.S. Food & Drug Administration alerted healthcare providers with regard to 11 vulnerabilities (URGENT/11) posing risks to hospital networks and thereby affecting Wi-Fi, routers, phones, and other critical equipment.

 

The agency added that the vulnerabilities could allow cyberattacks to occur without detection or user interaction. Moreover, “because an attack may be interpreted by the device as a normal network communication, it may remain invisible to security measures.”

 

Can we bridge the gap, or better yet, altogether close it?

 

It appears that a big part of the problem has been the lack of cybersecurity pros, which was astonishing to learn. Talent acquisition professionals suggest that growth of about 41% is needed in the U.S. and 89% globally.

Given that it’s no longer a matter of whether a breach will occur but when, we need foolproof direction on how to best protect ourselves from cybercriminals—but first let’s define a few of the forms of cyberattacks and other common terms.

 

  • Black Hat Hacker.  This cybercriminal is defined as one who violates computer security for personal profit or malice.
  • Breach.  When a hacker successfully exploits a vulnerability in a device or computer, gaining access to its network and files.
  • Clickjacking.  Disguised as a harmless element, this hacking attack tricks people into clicking an unintended button or link.
  • DDoS.  As a form of cyberattack, Distributed Denial of Service aims to make a service, like a website, unusable—flooding it with malicious data or traffic.
  • Deepfake.  A type of technology used to create images, video and audio hoaxes, deepfake replaces a person with someone else’s likeness. It has been utilized in image-based sexual violence for years, spurring lawmakers to take action.
  • Exploit.  An application or malicious script that can be utilized to take advantage of a computer system’s vulnerability.
  • Malicious Software aka Malware.  Describes all forms of malicious software that has been written or designed to wreak havoc on a device. Some of the common forms are viruses, worms, adware, ransomware, and trojans.
  • Phishing.  A technique utilized to obtain sensitive information, such as passwords and bank accounts. A common form of phishing is an email designed to trick the recipient into sharing confidential and/or personal data.
  • Social Engineering.  This technique, built around how people think and act, scams individuals out of private and sensitive information, such as PHI and financial data.
  • White Hat Hacker.  With permission from the system owner (making the process legal), white-hat hackers utilize the same hacking methods as black hats in order to identify flaws and make system and network security recommendations.

 

 

 

Candidly, I have taken in a lot of information on cybersecurity (probably more than I needed to or fully comprehend). One of the startling figures came from Steve Morgan, Editor-in-Chief of Cybercrime Magazine, who wrote a great article about the cost of cybercrime worldwide. Steve shared that on average, cybersecurity will cost the world $10.5 trillion a year by 2025.

 

At the current U.S. inflation rate of 5.4% (which doubled since 2016), it seems that their calculations could have fallen short, significantly! Concurrently, Cybersecurity Ventures estimated that 200 zettabytes of data will be stored worldwide by 2025 (the only named binary measure left is a yottabyte y’all, and from there who knows). To a cybercriminal this could be quite enticing—a bytes banquet of sorts!

 

Is it all a bunch of hype?

 

By all accounts, the threat of cyberattacks is not overstated. Authorities estimate that data can be stolen in 12 hours or less, and with all the ransomware attack kits on the dark web, even those with no programming skills can carry out cyberattacks.

 

Just in case you’re thinking that a pro goes after big fish in the deep ocean, remember that for amateurs, it’s the smaller fish swimming in the rivers and streams that are the perfect catch!

 

Cybersecurity journalists have reported issues with Alexa, Echo, Kindle, Google Home, Apple HomePod, and “smart” doorbells, among others. Even that new Peloton exercise bike you bought during the pandemic can be a potential security risk.

 

Take a look at this chart on the time it takes to crack a password!

 

As we looked at cybercrime from another angle, we found that human error was the cause of the great majority of cyberattacks—up to 90%.

 

A recent white paper, Cyberchology: The Human Factor,² revealed interesting results from a study that looked at people throughout Europe (thank goodness their eyes were not on us this time).

 

Researchers found that different kinds of cybersecurity errors are common among those of certain personalities. They went on to say that “individuals and their managers (rather than IT departments and outside contractors) are the truly [sic] key players where cybersecurity is concerned.”

 

In following this data closely, let me share with you the gist of what they saw:

 

  • Cybercrime increased by 63% since lockdowns began.
  • Only a quarter of the businesses surveyed considered their remote-employment strategy effective.
  • Human error and/or ignorance was the biggest cybersecurity challenge during the pandemic.

 

Let’s dig into human error a bit. If you are unfamiliar with the Myers & Briggs’ Personality Theory, here is a free type-finder test you can take, along with the four basic preferences below, from which 16 possible combinations stem.

 

Extraversion vs. Introversion

Sensing vs. Intuition

Thinking vs. Feeling

Judging vs. Perceiving

 

Extraverts are “more vulnerable to manipulation, deceit, and persuasion from cybercriminals.” ICYMI, these cyberattacks are called social engineering. The flipside is that extraverts usually pick up on outside attacks faster than others.

 

Sensing individuals tend to pick up phishing more than their Intuitive counterparts. Conversely, those with a preference for Sensing are “also more likely to take cyber security [sic] risks.”

 

Those with a preference for Feeling, as well as individuals inclined toward Judging, “are more likely to fall victim to social engineering attacks than those with a preference for Thinking.” Details from the study show that the downfall of the Thinkers is they can overestimate their competence.

 

Additionally, the analysis indicates that Judgers and Feelers are more cautious and better at “follow[ing] cyber security [sic] policies.”

 

 

 

 

What is the bottom line in this study? The authors say that self-awareness, coupled with a strong cybersecurity system can create “a net of human/digital skills and proclivities which cybercriminals will have trouble slipping through.”

 

What are we to do?

 

As everything connects and digitizes, two questions still remain: (1) how can we better protect ourselves and our personal data? and (2) what should our call to action be?

 

Knee-deep in all of this, I wondered…what stands between us and a cyberattack that would stop our operations dead in their tracks?

 

To help us further explore this subject and provide tips on how we can become more cybersecurity savvy, we gathered advice from one or two experts.

 

Here are their practical recommendations:

 

  • Use anti-virus software and firewall protection.
  • Back up your data on a regular basis.
  • Lock or log off your computer when you step away.
  • Go offline when you don’t need an Internet connection.
  • Consider sharing less online, like the city and/or state where you reside and your birthdate.
  • Avoid using public Wi-Fi, going on apps that require you to enter passwords each time you access them, and entering personal/private info.
  • Check emails and links before you click, as they can seem legit. Awareness is key!
  • Activate 2FA (two-factor authentication), which adds an extra step to log-in.
  • Install a browser add-on that warns you when you visit an unsafe site.
  • Last but not least we have my favorite. Check for spelling errors on emails you receive. Most companies and marketing agencies employ copy editors. If you find more than one spelling error, it’s probably phishing!

 

 

 

Just for fun!

 

Remember the Peloton we referenced before? Since they have yet to include direct access to Netflix or YouTube, various videos on TikTok and YouTube show users how to “hack” into their system to watch Netflix and YouTube during Spinning sessions. This, of course, perfectly posits that hacking is a two-way street that just about everyone can ride on!

 

Check out these five fun techy terms I found in my travels through cyberspace. 🖖

 

  1. Digerati.  I’ve heard about the illuminati, but not this ati! Turns out it refers to the elite of digitalization.
  2. Nagware.  The nagging pop-ups or banners that continuously remind you to purchase the paid version of that free software you downloaded as a trial. Ugh!!
  3. Machine Learning.  An AI technique that trains algorithms to recognize patterns and respond to them by performing specific tasks.
  4. Mouse Potato.  The equivalent of the couch potato, a mouse potato describes someone who is “married” to their desktop or laptop—and yes, Merriam Webster has added this term to its dictionary.
  5. Screenager.  I’ve got one, how about you? This one is self-explanatory and it refers to those teens with a fascination for computers, in terms of time spent on them, as well as tech savviness.

 

Withal, you may have read this post with a bit of dismay. If so, we want to close it on a positive note and encourage you to join me in putting our trust in, and giving credit to our network administrators and IT professionals, but also in adding a “byte” of hope that the supply and demand gap for skilled tech talent will soon start closing.

 

 

 

 

While I realize the data is staggering, as I observe Gen Z and others coming behind them (even toddlers) and how tech smart they are, my faith in the future is renewed! Just take a gander at Alexandr Wang, Founder and CEO of Scale AI and these other young entrepreneurs.

 

These outstanding young men and women right quick made me look to some of our TN business owners who are as young as 18. Some of them are not just business smart, they’re tech savvy too! They work hard, play well with others (lol), and are highly invested in leading the way for their generation to gain both financial and time freedom. 🙌

 

With that, my friends, the only thing left to add is this: look up, because a promising future is but a second away!

1. Library of Congress Cataloging-in-Publication Data is available for this publication. ISBN: 978-0-8330-9312-7

2. Cyberchology is a partnership that has been running since 2019 between ESET, an IT security provider, and The Myers-Briggs Company, one of the world's leading business psychology providers.

 

 

 
