Hollywood often portrays cybersecurity as something exciting and glamorous, with a hero rushing in to rescue a computer network just in the nick of time. But in the real world, effective cybersecurity is a complicated mix of expertise, strategic planning, and a good sense of timing to stay one step ahead of the bad guys. This mix of skills is also why it’s so difficult to get it right, and unfortunately, a company’s cybersecurity failures will be publicized, while their successes will often go unnoticed by the public. Infamous data breaches, serious security flaws, reputational damage – all just a few of the risks organizations face in the real world.
Even companies who focus on cybersecurity issues are targeted by hackers. Take LastPass, whose popular password management app is highly rated and used by thousands of people. Over the years, it has been the target of hackers and vulnerabilities have been revealed that were related to the “Cloudbleed” flaw, among other possible issues. While using a password manager remains one of the best moves a consumer can make to protect their data, it goes to show that even a company as focused on security as LastPass is not immune from hackers and software vulnerabilities.
Even without hacking, the bad guys can gain information about users and companies through passive attacks, such as “sniffing” network traffic from computers and smartphones. In a recent paper, researchers were able to determine what a user was watching on Netflix by analyzing the network traffic of the computer. Even when a user streams video through an HTTPS connection, enough information “leaks” out for a potential attacker to learn about your Netflix habits.
Even with cyber risks of the real world, users and companies can still take steps to protect themselves, from bug bounty programs to consumer ratings to two-factor authentication. While it’s always a race to the finish between the good guys and the bad guys in our networked world, it’s never too late to take steps to protect your privacy and secure your data.