When people think of cybersecurity, they tend to imagine complex systems composed of advanced software and sophisticated hardware. Yet, as those who have attended information security training have shown, sometimes it is the simplest of actions that could have prevented disaster.
To reinforce this point, here are three cyberattacks that could have easily been avoided if the simplest of measures were properly implemented.
Could IT security training have prevented these cyberattacks?
1 – Vtech attack
One of the most important benefits of PRINCE2 training is the systematic implementation of a project rollout. However, in this first breach, cybersecurity personal overlooked one of the most important resources – humans.
Vtech is one of the biggest toy manufacturing companies in the world, which makes it a strange target for a cyberattack. As a result of the hack, millions of people had their information stolen, or at the very least compromised.
CNBC reported that over 6.4 million kids were exposed because of the breach, and according to Cybersecurity Analyst Troy Hunt, the password encryption used was not up to best practice.
"It's just a straight MD5 hash, not even an attempt at salting or using a decent hashing algorithm," he said.
While simple encryption does have it uses, when it comes to customer data, it is important to ensure that information is unreadable – just in case a breach does occur.
2 – Ashley Madison hack
Cybersecurity breaches are not only about financial loss, many have the affect of changing the lives of people forever. The Ashley Madison breach is one clear example of this scenario.
Not only was the breach highly publicised, the very nature of the website made any leak of personal information life-changing for those affected. Additionally, the hack will no doubt have damaged the company's brand, almost irredeemably.
The Guardian reported the company that ran the site boasted it had over 37 million members worldwide, while the service they offered was anonymous and 100 per cent discreet.
One of the major reasons for the hack was sloppy password protection. According to Vice , the hackers behind the breach said it was too easy to get access.
"Nobody was watching. No security. Only thing was segmented network. You could use Pass1234 from the internet to VPN to root on all servers," they said.
3 – CIA Breach
In 2015, CIA director John Brennan's private account was hacked by a teenager. But how could a top executive's account from one of the world's most advanced security organisations be breached by a teenager?
As it turned out, the hacker masqueraded as a Verizon worker to trick another employee into revealing the spy chief's personal information. While phishing is a dangerous form of cyberattack, it is also easily preventable.
Simple cybersecurity hygiene can make a huge difference to the likelihood of a breach. For those who have attended information security training courses, setting up systems that ensure a culture of awareness is an obvious first step in any cybersecurity plan.
As a result of this oversight, the hacker was able to access the director's AOL account, which was being used to store sensitive documents – including a 47-page SF-86 application that is used to attain high-level government security clearance.
What these hacks and breaches show is that cybersecurity is an important part of the modern world. As the globe continues its push to be completely digital, there will be a number of employment opportunities in the sector.
If you would like to know more about cybersecurity and how you can take advantage to push your career forward, talk to the experts at ALC Training today.