Internal audit promotes cyber security awareness
October is National Cyber Security Awareness Month, and the Internal Audit Department notes that everyone has a role to play in cyber security.
Cyber Security Awareness month is an opportunity to engage University stakeholders, as well as the general public, about the need to create a safe, secure and resilient cyber environment, said Tom York, director of internal audit. Constantly evolving cyber threats require the engagement of the entire nation — from government and law enforcement to the private sector and most importantly, the public.
Many people mistakenly believe cybercriminals would never target them, as their computer or information has no value. However, computers are attacked every day. According to experts, cybercriminals use the Internet to target millions of people worldwide, 24 hours a day, seven days a week. And they now have access to sophisticated tools that automate these attacks — meaning University systems, as well as employees’ personal computers, are constantly under attack by thousands of worldwide criminals.
One of the simplest ways to hack into an organization is by targeting its employees, note experts. York stated that employees can represent a weakness because sometimes they make common mistakes, such as clicking on malicious links or using infected USB drives.
During the past decade, cybercriminals have become more and more sophisticated. Initially, they often worked alone, and they had to build their own attack tools, manually find and hack into computers, send out spam, steal account information and transfer or wire stolen money all by themselves.
Today’s cybercriminals are far more sophisticated. Each criminal now has a specific field of expertise, and working together, they have developed their own highly organized community. For example, one group is dedicated to developing and supporting sophisticated attack tools. Another group specializes in hacking into other computers or stealing personal information. Others work to sell compromised computers or stolen bank accounts, while an entirely different group transfers and launders stolen money. An entire cybercrime economy has emerged, which is constantly improving its tactics and becoming more effective and efficient in making money every day.
The Department of Homeland Security, the federal sponsor for National Cyber Security Awareness Month, has collected a wealth of informational resources on its website that can be used by individuals, parents and supervisors to pass along tips for staying secure in a digital world.
Also, the National Cyber Security Alliance has a collection of educational resources on its NCSAM website that gives practical advice on Internet safety. The SANS Institute “Securing the Human” modules form the framework for a revived information security awareness training program offered by Information and Technology Services.