While you might not think tennis and cybersecurity have much in common, both can be unpredictable and therefore require you to keep your eye on the ball.
But unlike a tennis match, cybersecurity is no game.
In its efforts to help consumers and businesses maintain a home court advantage, ESET – an official sponsor of the 2017 Rogers Cup -- gave away one-year protection software to attendees in Toronto, and took part in the cybersecurity panel on the inaugural Salesforce Tech and Tennis Day, presented by ESET on August 10.
The lively discussion centered on current security threats and solutions along with the potential issues we might face in the future.
Along with yours truly, Security Intelligence Team Lead, Alexis Dorais-Joncas, graced the stage for the discussion, along with two other cybersecurity experts: Eliot Behar, Former Security Counsel for Apple, and Sean Earhard, Head of Advanced Threat Solutions, at Cisco Canada.
The emcee and moderator for the morning event was none other than Amber MacArthur, celebrated author, TV and radio personality, and public speaker.
Cyberthreat today
The first question focused on our most concerning cyberthreat today, to which Alexis replied, “human error,” as it’s easy to be duped into giving away private information if the source seems legitimate. Alexis gave an anecdote about a planned phishing attempt at a business, to see what would get through. If the email looked suspicious, including multiple spelling or grammatical errors, none of the employees clicked on the link or clicked on an attachment. But a subsequent email, which looked a lot more legitimate, fooled 99 percent of those same employees.
Yikes! You could hear an audible gasp from the crowd.
I mirrored much of Alexis’s sentiment in my response – that software may help stop a malware (malicious software) attack, but employees could be voluntarily sharing private info if an email looks legitimate, which puts your company’s data at risk. As such, good policies, practices and procedures need to be established – and reviewed often – with all employees, regardless of the size of the company.
"Nearly 98 percent of businesses in Canada are small businesses and many believe they’re not at risk from a cyberattack."
In fact, I also acknowledged that nearly 98 percent of businesses in Canada are small businesses and many believe they’re not at risk from a cyberattack. Malicious types are capitalizing on this misconception and are specifically targeting small and midsize businesses (SMBs) with various kinds of phishing and ransomware attempts. Attacks may come in all forms, but many take advantage of lapses in common sense.
Another concern is our growing Bring Your Own Device (B.Y.O.D.) culture, where we are encouraged to bring in our own personal devices to the workplace, which could invite more risks in cybersecurity.
Alexis pointed out the importance of good software to help flag those risks. For example, ESET software scans an email on the gateway before it reaches the receiver. It scans the email again in the receiver’s inbox and again after it’s opened. “This multilayered approach helps to protect and catch threats at each layer,” said Alexis. “ESET’s differentiator is its DNA technology, which utilizes generic signatures against malware attacks.”
Alexis also said ignoring software updates makes your system vulnerable - whether it’s a mobile device, or a laptop or desktop - as these threats target systems that are not up-to-date.
Motivation of cyberattacks
As the session continued, Amber asked about the motivation of cyberattacks, to which Alexis talked about state-sponsored attacks, which may be more politically motivated, and those driven by organized crime, which are more financially motivated. "However, there is no way for us to predict which is the biggest threat. This is why it is always important that we as individuals and as organizations take the necessary precautions to help minimize exposure to these cyber threats."
Amber asked about cyberspace becoming “militarized.” Panelists Eliot Behar and Sean Earhard believed it had already begun. Alexis said many countries already have units specializing in defensive and offensive measures in cyberspace – including Canada’s Department of National Defense’s announcement in May to “strengthen” its cyberwarfare arsenal.
When asked about new and upcoming threats, I spoke of the emerging Internet of Things (IoT) revolution, where all our devices are talking to each other. I cited stats that suggest there are 8.5 billion IoT devices today, including machine-to-machine (M2M) connections, but that number is expected to balloon to 50 billion devices by 2020.
While more entry points can translate to increased vulnerability, I suggested during the panel that IoT might actually (or ironically), bolster security, if we can make devices serve as authenticators. For instance, instead of a smartwatch or connected car as an added threat, what if a second or third device was required for authentication, perhaps to enter a business?
Improve your cybersecurity
Finally, Amber challenged the panelists to suggest ways to improve cybersecurity and “perimeter-based” security popped up in the discussion that followed.
Alexis said the key for any organization is to have layers of security. “Border security is basic – it can be compared to a lock on a house – but it’s the added level of security measures beyond the ‘perimeter’ that create a safe network,” he said. “The best strategy is to make the attackers’ job as difficult as possible by having security at every level to protect against breaches.”
As we wrapped up, Amber asked about building a safer cyberworld. In my response, I focused heavily on education in the workplace. I cited a free training module for cybersecurity awareness that any administrator in an organization can download and distribute. There is even certification after completion of the two-hour course.
Finally, I reinforced the necessity to be proactive, and to preemptively back-up important information – in case something happens. Downtime for a business could be damaging, so you need to ensure safeguards are in place to protect the business from these threats, whether it’s cloud back-up with redundant/mirrored servers (in case one goes down), strong cybersecurity software or regularly reviewed good practices with employees.
It was an honour to be part of Rogers Cup’s Tech and Tennis Day – alongside Alexis Dorais-Joncas, whom I’ve had the pleasure of interviewing on my radio shows and I hope the attendees of this cybersecurity panel walked away with more insights after our discussion. And a clear call to action, too.