🦊 The biggest vulnerability...

Feb 23, 2021 6:04 pm

...it probably won't come as a surprise but you *should* take it seriously.


Welcome! I'm Jon Fedor and this is InCyber Regular, edition three. We talk about cyber security issues and awareness for smaller enterprises and the cyber-curious.


In today's edition: There's a pandemic(?), security hygiene, a recommendation, and I talk security vulnerabilities with Jim Waller.


There's a pandemic?

If you didn't already think living in a world with COVID-19 was bad enough, turns out the pandemic's brought more termites into the house, so to speak.


John Ayers from Nuspire (a cybersecurity service provider) reports that they saw a "whopping" 128% increase in malware activity in 2020, as well as a 29% increase in botnet traffic (hackers using your machines to send more spam and malware).


That sucks.


It's never been more important to be vigilant about your organization's cyber security. Don't wait to take action until it's too late. More on this below.


Speaking of Security Hygiene

I saw this comment from SwiftOnSecurity this week:


[Image: comment from SwiftOnSecurity]


This is an important point given what Jim Waller has to say below. When it comes to endpoints, the human ones are the weakest. No mistake.


Also, it's interesting to look at a mega corporation's product from the perspective of, "does buying this service from X-Fortune100 improve my security posture?"


Turns out it can. M365 offers ransomware protection, MFA-through-Authenticator, phishing and spam protection, the list continues and is longer than I thought.


What's the Tonto to this Lone Ranger? Just the idea that you can't benchmark peace of mind. If you sleep better because you've purchased X-secure-service for your team to use, that's a good purchase.


It's your way of shooting the bad guys and riding into the sunset.


Follow Recommendation

If you're on LinkedIn (I know, I know...) but if you are and you're looking to grow your security awareness, The Cyber Security Hub is a great follow. They get a little loud sometimes but also push out a ton of interesting, helpful, and usually entertaining security content.


Like this meme:

[Image: meme; caption: Hyprcorp]


Drop a "not today, satan" on those helmet arrows and get yourself a password manager. Enough is enough already.


Complacency is the enemy

Here's my interview with Jim Waller, Senior Security Consultant at Core BTS.


Who is Jim Waller?

I am a father of 5, a husband, a disabled veteran, outdoorsman (backpacker, camper, hunter, fisherman, etc.), scout leader, a river rat, a survivalist, a former deputy sheriff, and an avid security enthusiast.


Why or how did you get into security?

I am of the belief we have been conditioned in our life to have a false sense of security.


This belief is true not just of our daily physical interactions, but our digital interactions.


If we view our interactions with a little more scrutiny it would reveal to us just how false our sense of security is.


I was born under the watchful eyes of a deputy sheriff who instilled in me that our next actions we take could be our last actions, and we should always use common sense and precaution in all that we do. I grew up with a long line of patriots that served in multiple theaters of war, and hearing those stories as a young man provided me with a different perspective of how we should navigate our world.


Bringing that background forward, it was just a natural step into the security field.


What security vulnerabilities are you always telling clients to address?

Physical security and the human element are the biggest security vulnerabilities we face.


Something as simple as allowing a person to lean a little too much over a countertop when they are ‘scheduling an appointment’ for service, and seeing your ‘hidden’ password on the monitor, or where the actuator for a secured door is located. These are the elements to me that are going to be the job security for the security professional.


When the human condition is removed, let's face it, the technical mechanisms are pretty tough to beat.


Favorite security resource you're using right now?

I am constantly studying for something, a certification or some kind of qualification.


I really like using the learning environments of Cybrary and Udemy. Outside of that I try to consume as much security information as possible from newsletters, articles, daily emails, anything from those that are far smarter than me!


What about law enforcement or military experience makes you a better security pro?

To me those lines blur. One may interpret our physical world as separate from our digital world. I don’t. I look at everything with scrutiny and think about how to make anything more secure.


To me everything is a security vulnerability. Every room I enter, every alley I walk down, every web address I type in is viewed in this perspective. I have had my hands on some real evil people with real evil intentions; I have seen what happens to people that are lulled into a false sense of security. It is disturbing. With the availability of our 24-hour access to the digital landscape these evil acts can be exacerbated to a whole other level.


I get it, I am not really answering the ‘security’ question with regard to shoring up an environment to keep bad actors, lucky aspiring computer enthusiasts, and the dreaded ‘hacker’ from traversing a company’s infrastructure.


All the pieces need to come together. Building a secure environment will help the backend of that environment be secure as well.


Let's face it, there is bad intent everywhere. Are we able to stop all threats in the physical world and the digital world? No, but we can limit our potential for harm and exposure by taking precautions to fully understand our situation.


Anything else?

Yes, never stop learning. Continue to improve! Complacency is the enemy of life. Stay alert, stay alive.


Thanks!

If you enjoyed this or learned something or want to rake me over the coals, feel free to forward this email. Or pass along the link to sign up for InCyber Regular.


If you didn't enjoy this, let me know how I can make this weekly resource better. And I will.


Have a good'un, Good Lookin'.
