Security Evangelism at the Backyard BBQ
In social circles, be it the neighborhood BBQ or a fundraising event outside of work, I'm frequently asked what I do for a living. After answering this question numerous times, I’ve found myself asking a few questions before delivering my answer. As with any presentation, small or large, the audience is the most important part. I start by trying to understand who it is that I'm explaining this to in order to gauge their awareness of the industry I call home. I used to start with cloud computing and the concept of the power company vs. every residence using a generator. This is easy and simple for people to understand, but personally, I’m tired of telling that story. In recent years, one thing that seems to resonate with many people is the use of social media. It doesn’t discriminate against age or gender either, which is conducive to broad audiences. Since I personally do a lot in the cyber security arena, my initial questioning often brings me to their awareness of various platforms that are popular today. This typically leads to looks of horror at points in my discussions.
In a recent conversation, I was explaining to a new neighbor some of the social trends we’ve seen impacting many businesses that aren’t educating their users. I gave the example of those popular questionnaires that circulate daily. Often we see folks answering all sorts of questions on social platforms that they shouldn’t. Let’s start with Facebook; specifically, these ‘fill in the blank’ questions pertaining to your first car, high school mascot, or where you got married. It amazes me how people don’t know that these questionnaires are driven by chatbots or AI and are simply gathering information to be used in account penetration attacks in the future.
If you haven’t noticed, many of them are security questions that are used with your personal banking provider, mortgage company, etc. In our cyber security circle, we are all aware that these bots are gathering information and building profiles on possible candidates for attack. The attacker stores this information to be used in attempts to gain access to sensitive personal information through a simple reset password request. They have your email, your phone number and, since you filled out the chatbot’s chameleonesque form, now all of your challenge responses. It’s alarming how many people are not aware that this is happening and are blind to what the purpose of these questions truly is.
In my professional realm, I'm still flabbergasted at how many organizations do not employ two-factor authentication to aid in protecting their own companies’ intellectual property. It’s really that simple and quite inexpensive, compared to the risk that is introduced without it.
If you don’t work in the cyber space, please be on your guard and don’t fill out those probing surveys. If you are an expert, help your neighbors and exercise your philanthropic bones to alleviate as much pain for them in the future as possible. If you are a business or firm struggling in this area, put it on your roadmap for Q3; it’s imperative.