Five Ways National Cybersecurity Month Is Like Halloween
October is best known for Halloween, but it also happens to be National Cybersecurity Awareness Month. It’s a time to focus on how cybersecurity is a shared responsibility and how we all must work together to protect and improve our nation’s cybersecurity.
What does cybersecurity have in common with Halloween? Plenty. Here are five ways that cybersecurity and Halloween are alike.
Both can be scary and downright frightful
Halloween is scary, like watching Halloween 1-11 or other scary movies. Cybersecurity can be just as frightening. A perfect example is ransomware, which locks your computer and demands a ransom to unlock it and restore access to your data. It’s similar to the movie IT, where Pennywise the Dancing Clown uses a balloon to lure kids and take them hostage. The best defense against ransomware is to keep your operating system current and avoid installing unknown software. If you’re a victim of ransomware, having a backup of all your data is akin to dodging the bullet. Pay the ransom? That may work, but there are no guarantees.
It’s trick or treat time
Trick-or-treating is one of America’s favorite pastimes. Kids dressed in costumes visit houses and ask “trick or treat” to receive candy. Interestingly, few opt for the trick. For hackers, it’s all about tricking you, and it’s a treat to them when they succeed. Phishing uses email trickery to fool you into clicking a link or downloading an attachment. It’s a cybersecurity concern for both consumers and businesses. Whaling, a form of phishing, targets specific, high-ranking company officials. Prevention? Study phishing examples, and be quick to question a message and confirm its legitimacy by another means, like Google searching.
It’s a masquerade ball
Around Halloween, groups hold masquerade parties where guests dress up, and it’s anybody’s guess who is in the costume or behind the mask. Imagine a masquerade where everyone dressed in costume is a hacker, except you, the one not wearing a costume. Hackers thrive on remaining anonymous. For months, we didn’t know who was behind the WannaCry ransomware attack that held thousands of computers hostage worldwide in 2017. Now we learn that a programmer based in North Korea was behind it. Hackers mask their identity or assume the appearance of something they are not, the very definition of masquerade.
Whose house gets egged and TP’d?
Vandalism happens on Halloween night. Often, it’s the one house on the street that has no outside lights on, or that purposely doesn’t give out any candy, that gets egged and TP’d. The correlation here is that the one house on the street that looks deserted is more vulnerable to vandalism than the well-lit houses with security signs. It’s the same with hackers. They probe network defenses looking for the one network that is easiest to pilfer, and they launch DNS or DDoS attacks. Lesson: don’t be the business with the most vulnerable network on the block. Dark Reading has the best advice: “Businesses need to maintain constant vigilance on the techniques used to target them and continually evolve their defenses to industry best practices.”
Black cats vs. black hats
People associate Halloween with black cats. It has something to do with their being a favored pet of witches and their involvement with dark magic. In cybersecurity, the evil entities are black hats. As this Wired article noted, black hats are criminals who break into machines and steal data, such as passwords, email, intellectual property, credit card numbers or bank account credentials. To battle the black hats, your business can retain white hats, the good guys in computing who use their hacking talents to inform you of network vulnerabilities.
Those are five ways in which cybersecurity and Halloween are alike, and it seems most fitting to share them during National Cybersecurity Awareness Month. Cybersecurity is a personal and professional responsibility: use different, strong passwords and two-factor authentication at home and at work. Back up data hourly, daily or weekly, whatever makes sense for you or your organization. Count to 10, not to calm down but to think twice before clicking on a link or attachment.
Learn about CIS’s first five controls and examine what each control addresses.
Learn about privacy programs and the importance of being prepared for a breach.
Learn about the constant vigilance of continuous security monitoring.