This 7 min. read saves you up to 25 hours
For your knowledge advantage, we put together the most actionable insights from 12 getAbstract summaries (4 books with a total of 1216 pages, 4 articles, 3 videos and one podcast) on this topic. If you did this work yourself, you would be busy for at least 1453 minutes (about 25 hours). Learn more.

Do Not Reply to That Nigerian Prince Who “Needs Your Help”

Hack-proof your life and safeguard your work with these simple cybersecurity habits.

Do Not Reply to That Nigerian Prince Who “Needs Your Help”

In 2021, Ponemon Institute pegged the average cost of a company data hack at $4.24 million, with lost business the largest contributing factor. Breaches increased by 10% worldwide since 2014, whereas ransomware attacks increased more rapidly. Government fines per record breached can add millions to the toll. No company or individual is completely immune from especially a persistent, targeted attempt to steal your information, but there are lots of things you can do to be sure you’re not the weak link in the firewall.

Would You Rather Pay Before or After a Breach?

In “What Is The Real Cost of a Breach?” David Breg and Rob Sloan of The Wall Street Journal discuss what breaches cost, to give companies the perspective to invest in security before one happens. The Target Corporation hack in 2013 exposed 110 million customer’s private information, along with 40 million credit cards. Target was still paying the costs of the breach years later, between security fixes, legal fees, customer refunds and efforts to repair their brand reputation. Profits dropped 46% in the last quarter of 2013, and the company spent $100 million to upgrade check out registers and another $160 million on various settlements. In total, the breach cost Target $300 million and they were able to recover only $90 million from insurance. The brand damage cost another couple hundreds of millions.

Image of: What Is the Real Cost of a Breach?
Video Summary

What Is the Real Cost of a Breach?

Companies must invest in data breach defenses to avoid reputational damage and financial losses.

David Breg WSJ Video
Read Summary

Investigation found a small business vendor in Target’s supply chain triggered the breach; smaller businesses often make attractive targets for hackers. Large companies like Microsoft spend $1 billion for security to safeguard its assets and devices which poses a formidable challenge to hackers, points out software engineer Martin Casado in “The New Attack Surface Is Your Life.” To develop code to exploit vulnerabilities in secure networks cost hackers between $1 and $2.5 million. However, the cost to hack a Facebook account is $19.99 , or a person’s Gmail is $100, so that’s where many hackers start.

Image of: The Cybersecurity Playbook
Book Summary

The Cybersecurity Playbook

An indispensable guide to baking cybersecurity best practices into the corporate culture and everyday habits.

Allison Cerra Wiley
Read Summary

Security professional Allison Cerra emphasizes the importance of elevating cybersecurity to a daily concern for companies in The Cybersecurity Playbook. Include it as an agenda item at every meeting and create a budget for it: Better to budget now than pay later. Cybersecurity must become an integral part of company culture. Generally, a Chief Information Security Officer (CISO) will be in charge of a company’s security posture, with support and collaboration from board members and C-suite executives. HR can do much to make employees aware of good cybersecurity hygiene, incentivize best practices and carefully vet new hires from a security standpoint. Companies should develop robust breach response protocols so they’re prepared in case of emergency.

Bad actors want you to deprioritize cybersecurity as a nonstrategic investment. Don’t give them that power.

Allison Cerra

Gone Phishing

The weakest links in your defence may be human. With “phishing” schemes, rather than using code to break into a device or account, a hacker attempts to trick people into giving up their user credentials. You may get an email supposedly from a leader or colleague inviting you to click on a link or download a file, cautions Cerra. In this way, an employee may inadvertently compromise credentials, pave the way for a hacker to gain entrance to a company’s network or inject a computer virus. Another common exploit is for an attacker to pose as a bank or credit card representative and claim to want to clear up fraudulent charges on a user’s account, by verifying credential details. Although most people know not to trust Nigerian princes when they request help getting their money out of the country, Nigerian cybercriminal Oluwaseun Medayedupin was arrested in late 2021 after mining social media accounts for disgruntled employees who might be willing to infect their workplaces with ransomware for a cut of the proceeds.

Image of: The New Attack Surface is Your Life
Video Summary

The New Attack Surface is Your Life

To hack companies, cybercriminals now target individual employees. Protect yourself and your company with simple, effective security measures.

Martin Casado Andreessen Horowitz
Read Summary

A hacker may use a fake ID to convince a person’s carrier to transfer their phone number to a device in the hacker’s control. With that access, the phisher can also access the target’s accounts, verification codes and various credentials. Casado recounts how one hacker joined a cleaning agency to get access to a target’s computer in their home and install malware.

You are a conduit to every organization that you are connected to, so many attacks will start with you in your personal life, and then move to the company.

Martin Casado

Complex Technologies Multiply Cyber Risks

Cerra cautions that with each new layer of technology – from mobile to cloud to the Internet of Things – the potential vulnerabilities grow. In 2016, Domain Name System provider Dyn suffered a denial of service attack – where hackers overload and crash a server with bogus requests – which crippled Twitter, Netflix and other massive sites; Dyn was an essential vendor in their supply chain. In this case, bot networks gained access via the connected devices in most people’s homes like DVRs and baby monitors.

Image of: Unilever’s Bobby Ford Discusses How to Secure Your Digital Business
Video Summary

Unilever’s Bobby Ford Discusses How to Secure Your Digital Business

Unilever CISO Bobby Ford discusses strategies for protecting digital assets during a pandemic.

Bobby Ford WSJ Video
Read Summary

Chief Information Security Officer for Unilever Bobby Ford oversees data security at 300 manufacturing facilities. Large companies use legacy technologies, especially in manufacturing, that can’t effectively be monitored as part of its operational technologies network. These are exactly the vulnerabilities cybercriminals look for. Even so, as penetration tester Sophie Daniel recounts in “How I Socially Engineer Myself into High Security Facilities,” manipulating employees presents even greater opportunities, especially in highly secured environments.

Image of: How I Socially Engineer Myself into High Security Facilities
Article Summary

How I Socially Engineer Myself into High Security Facilities

Is your organization vulnerable to malicious social engineering?

Sophie Daniel Motherboard
Read Summary

It’s a penetration tester’s job to probe a company for security vulnerabilities. Daniel uses “social engineering” to get into secure locations. She gained access to one facility and its data center despite its security protocols, armed guards and biometric gates by manipulating a recently hired employee, Mary. She studied Mary’s social accounts to get to know her personal life and found out Mary volunteered at a maternity support center. Daniel called Mary posing as Barbara, a project manager for the facility trying to set up an appointment for the next day with an interior designer. When Mary complained about the short notice, Barbara mentioned she was due to give birth in six weeks, which made Mary immediately sympathetic. The next day Daniel showed up as Claire, the interior designer from a fictitious company. Daniel had created a website and business cards support the illusion of credibility. Once inside the facility, it wasn’t long before Daniel was left alone to wander freely. Prevent these kinds of break-ins by:

  • Requiring government-issued ID for visitors.
  • Emphasizing a “trust, but verify” mind-set companywide.
  • Being sure visitors are always accompanied by an escort.

An employee who does their homework can ruin my day.

Sophie Daniel

Adopt These Basic Cybersecurity Habits

As Quincy Larson points out in “How to Encrypt Your Entire Life in Less than an Hour,” if you use the internet, you’re vulnerable to hacking.

Image of: How to Encrypt Your Entire Life in Less than an Hour
Article Summary

How to Encrypt Your Entire Life in Less than an Hour

Quickly and easily keep your personal data safe with encryption.

Quincy Larson Medium
Read Summary

Focus on deterrence by adding encryption to the technologies and services you use:

  • Protect your email account with “two-factor authentication” which will require you to input a code sent to your phone for access.
  • Activate “full-disk encryption” for your hard drive on Windows or Mac OS systems.
  • Do not recycle passwords for various accounts: Use a password manager to keep track of difficult to crack passwords and change them periodically.
  • Do not use public Wi-Fi.
  • Use Signal for encrypted texting and file sharing.
  • Use Tor for browsing without tracking and Duck Duck Go for search to better protect your online activities.
  • Use a passcode on your phone, even if you already use biometric protection.

Other good habits include:

  • Clearing it with your company’s IT security staff before accessing a tool or service in the cloud.
  • Utilizing only encrypted thumb drives to transfer work.
  • Reporting suspicious emails or behavior.
  • Not leaving devices which may hold sensitive information unattended.
  • Remaining vigilant and taking cybersecurity seriously.

Companies can:

  • Use a network security key. Google effectively ended security breaches using these, according to Casado.
  • Set up “deception devices” to attract attackers and discover potential breaches.
  • Set up Red and Blue teams to play out potential scenarios of attack and probe for vulnerabilities, or hire a penetration tester.
  • Store keys and master passwords in a safe.
  • Utilize security checkpoints and cameras in your facility.

Read more about how to protect against cyberthreats:

Related Summaries in getAbstract’s Library
Image of: Cybersecurity
Podcast Summary

Cybersecurity

When battling cybercriminals, sometimes the best defense is a good offense.

Euromoney Euromoney Read Summary
Image of: Beyond Cybersecurity
Book Summary

Beyond Cybersecurity

Prepare your company for an inevitable cyberattack.

James M. Kaplan, Tucker Bailey, Derek O’Halloran, Alan Marcus and Chris Rezek Wiley Read Summary
Image of: Cybersecurity for Executives
Book Summary

Cybersecurity for Executives

Keep your data safe in the face of intensifying cybersecurity risks.

Gregory J. Touhill and C. Joseph Touhill Wiley Read Summary
Image of: The Unaddressed Gap in Cybersecurity: Human Performance
Article Summary

The Unaddressed Gap in Cybersecurity: Human Performance

Cybersecurity operations must adopt disciplined practices to mitigate the high cost of human performance errors.

Stephen A. Wilson, Dean Hamilton and Scott Stallbaum MIT Sloan Management Review Read Summary
Image of: The Art of Invisibility
Book Summary

The Art of Invisibility

A cybersecurity expert offers step-by-step instructions for protecting your privacy online.

Kevin Mitnick Little, Brown & Company Read Summary
Image of: How to Prepare for the Cyberattack That Is Coming to Your Company
Article Summary

How to Prepare for the Cyberattack That Is Coming to Your Company

A hacker just breached your company’s cybersecurity. What should you do?

Alex Pentland, Stuart Madnick, Shoaib Yousu and Michael Coden World Economic Forum Read Summary
How the Journal Saves You Time
Reading Time
7 min.
Reading time for this article is about 7 minutes.
Saved Time
25 h
This article saves you up to 25 hours of research and reading time.
Researched Abstracts
12 We have curated the most actionable insights from 12 summaries for this feature.
3 3 Videos
1 1 Podcast
4 4 Articles
4 We read and summarized 4 books with 1216 pages for this article.
Share this Story