An official website of the United States government
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

Reducing Personal Cybersecurity Risk

10 October 2019

Much of our focus for Cybersecurity Awareness Month is on how the Navy’s cybersecurity is threatened by nation states, ideologically motivated hackers, cyber criminals, and malicious insiders. Our cybersecurity workforce and Cyber Mission Forces battle these cyberspace adversaries every day. 

 

But just as importance is for each and every one to pay close attention to your own cyber vulnerabilities, at work and at home.  Those same adversaries mentioned above can target you whether you are at work or on a personal device outside of work.

 

Cyber criminals use some of the same tools and techniques as these bad actors to target anyone who has a personal computer, smart phone or smart device. They are primarily interested in financial gain but may hack for other illegal purposes. Regardless, you are the front line that is defending your personal data and devices from their attacks.    

 

The Department of Homeland Security (DHS) has produced a series of short, information-packed, easy-to-read “tip sheets” for protecting yourself online. These guides are available at https://niccs.us-cert.gov/national-cybersecurity-awareness-month-2019 but we have reposted tip sheets for protecting yourself on the home front at https://www.navy.mil/local/cyberawareness/.

 

By following the advice in this blog and the more detailed guidance in the DHS tip sheets, you will reduce your chances of:  becoming one of the 60 million Americans affected by identity theft, being held hostage by a ransomware attack, or having your credit card exploited.

 

The good cybersecurity habits you learn and apply at home will also help you protect the Navy from cyber adversaries when you are at work.  

 

A graphic illustration of cybersecurity risk with graphics and words to support it
A graphic illustration of cybersecurity risk by MC2 Timothy Hale
A graphic illustration of cybersecurity risk with graphics and words to support it
CYBERSECURITY RISK
A graphic illustration of cybersecurity risk by MC2 Timothy Hale
Photo By: Mass Communication Specialist 2nd Class Timothy Hale
VIRIN: 191010-N-TV402-1001

 

The bad guys are coming after the Navy but they’re also coming after you. Because that’s where the money is and information that can give adversaries competitive advantage.

 

Identity theft is the illegal acquisition and use of someone else’s personal information to obtain money or credit. Nearly 60 million Americans have been affected by identity theft, according to a 2018 online survey by The Harris Poll.

 

The 2019 Official Annual Cybercrime Report (ACR) predicts that businesses will fall for ransomware attacks every 14 seconds.

 

A Clark School study at the University of Maryland is one of the first to quantify the near-constant rate of hacker attacks of computers with Internet access— every 39 seconds on average, affecting one in three Americans every year —and the non-secure usernames and passwords we use that give attackers more chance of success.

 

Cyber criminals managed to exploit the credit cards of 48% of Americans back in 2016.

 

The cyber threats to the Navy can come from nations with highly sophisticated cyber programs, countries with lesser technical capabilities but possibly more disruptive intent, ideologically motivated hackers or extremists and/or insiders within our organizations, with a variety of motivations. Even cyber criminals threaten the Navy because they sell malicious software to state and non-state actors, thereby increasing the number of potential threat actors.

 

Ransomware Has Run Rampant

 

Ransomware, especially with the advent of cryptocurrencies, is an increasingly popular way for hackers to make money.

 

Ransomware attacks are growing more than 350% annually. (Source: Cisco)

 

A ransomware attack is designed to hijack the targets’ systems and hold them hostage in exchange for certain demands. These attacks are particularly effective and growing in number as the data from Cisco shows. The increase in cyber attacks is bound to continue in the foreseeable future.

 

In a world where we are constantly connected, cybersecurity cannot be limited to the home or office.

 

Internet of Things (IoT) or smart devices refers to any object or device connected to the Internet.

 

NETSCOUT also disclosed that on average an IoT device could be attacked easily within the first five minutes of connecting to the internet!

 

Just to be clear, any individual or company that uses the internet can be a target for cybercriminals; which is why it is so important to understand cybersecurity policy and how breaches can affect your company, your customers and your employees. Below are some of the most commonly targeted organizations.

 

Malwarebytes said in a new report that cyber attacks on businesses soared in 2018 while consumer hacks dipped.

 

In its 2019 State of Malware Report, Malwarebytes found that criminals are increasingly drawn to the big payoffs that come with attacking companies compared to the piecemeal gains of going after individuals.

Nearly two-thirds of confirmed data breaches involved leveraging weak, default or stolen passwords. (Verizon 2017)