We are constantly on our smart phones. We rely on apps such as Google Maps, our favorite news site, or social media outlets (i.e. Facebook and Twitter). Subsequently, a lot of our information is floating around. We’ve heard about the danger this can put us in, but did you know we are also currently in a cyber war right now-a war from all sides?
On Tuesday, GovLoop hosted a cybersecurity event titled “Evolving Tactics to Combat the Cyber Threat.” Speakers Jean-Paul Bergeaux, Chief Technology Officer at SwishData Corporation, and Richard Breakiron, Senior Vice President at Ascolta (a subsidiary of ViON) focused on cyber tools and best practices that could help make your agency more secure.
“We have been at war for ten to fifteen years and we are losing,” Breakiron said.
And the first thing about war is awareness: what is my threat?
Bergeaux kicked off the discussion by highlighting the threats and vulnerabilities agencies and organizations need to be aware of when functioning in the 21st century. First, we must understand that although cyberattacks can (and have) come from outside threats, such as nation-states, threats can also come from within our own borders. In both your work life and during your personal time, awareness of some of these potential threats is key. As Bergeaux remarked, “People typically aren’t doing what they need to be doing in order to be properly secured.”
First, be aware of some of the programs out there. One such mentioned were what are referred to as wifi ‘pineapples,’ which according to Bergeaux, “are automated GUI-based systems that have the ability to hack into networks and can be easily purchased by anyone – no technical abilities required.”
Second, when storing your information into cloud, “Do not put government information on non-government cloud programs. Only use government specific cloud programs,” Bergeaux stated. As simple as this may seem, it helps mitigate the ability of hackers to access the information by making it more difficult to do so.
Lastly, an interesting tidbit for all: Bergeaux shared a fun fact about the popular use of headphones. “Headphones should not be plugged into your phone when you are in a crowd,” he said. “Someone can use the headphones as an antenna to issue commands to your phone.”
And as Breakiron agreed, discussing “the healthy amount of fear you need to have” about cybersecurity. He then proceeded to speak about how to manage a defensive mode in today’s cyber war.
“We are the most vulnerable country in the world because we are no longer using technology for convenience. We are totally dependent on it,” Breakiron said.
“We really need to understand that we need to defend this capability,” he added. And we are capable of doing so, Breakiron emphasized. We just need to remind ourselves that “90% of the attacks today are unsophisticated attacks” and that basic cyber hygiene can help “reduce penetration upon implementation by 40%.” He pointed out that a simple measure, such as the use of common access cards (CAC cards), used by the military is one way to help reduce cyberattacks.
Additionally, Breakiron pointed out the need to “fight the cyber war in real time in which sensors inform the machines upon attack in order to fight it off (even help wipe out the data if necessary).” Although measures are being put up to hopefully begin predicting these attacks, agencies should have measures in place to protect their networks – now.
Finally, we need to continue to build awareness amongst our government employees and civilians. But in the end, this is an ongoing war and as Breakiron put it: “If your preponderance of forces are not in place 24/7, 365, we will lose.”
*Jean Paul-Bergeaux shared some recent knowledge acquired at the DEFCON conference this year. If you wish to read up on an active directory on vulnerabilities please refer to the white paper here.