More Education Needed To Prevent Cyber-Attacks
FREDERICTON – Leading experts out of the Canadian Institute for Cybersecurity (CIC) say when it comes to preventing cyber-attacks, education is key.
Recent attacks, like November’s attack on the City of Saint John, have shown that ransomware attacks are rampant in attacks towards businesses and organizations at all levels.
Dr. Ali Ghorbani, the Director of the CIC and Tier 1 Canada Research Chair in Cybersecurity, says that this trend is bound to continue as cyber attackers continue to use ransomware to make money from user data.
“Most trends you see now are social engineering and phishing,” said Dr. Ghorbani. “Tricking and making people click or download or open something they shouldn’t.”
Dr. Ghorbani and Dr. Saqib Hakak, Assistant Professor and Researcher with the CIC, believe the best path forward to preventing attacks that are triggered through phishing and social engineering is education and awareness.
“Whether it’s a large institution or small, awareness and education are key elements that we need to consider,” said Dr. Hakak. “If the organizations teach employees how to identify a phishing email or how to identify a phishing call, they can mitigate a lot of threats.”
Dr. Ghorbani and Dr. Hakak say that education needs to start in grade school and be carried through for future generations to be equipped with cyber intelligence.
“We needed time to make sure people washed their hands after they use the washroom. It didn’t happen overnight. Same thing with buckling up your seatbelt,” said Dr. Ghorbani. “It took years to make these things part of the culture. That’s why you need cyber security right from the very start in order to make it a culture, not as a policy that we do now.”
Dr. Ghorbani says the two categories he sees most attacks fall under are state-sponsored attacks of critical infrastructure and financial targeting.
Critical infrastructure has become increasingly targeted in the past five years due to more widely Internet-connected transportation and infrastructure.
Dr. Hakak adds that he worries about the future of cyber-attacks, with new developments in the Internet of Things and the rise of deep fake technologies that allow cyber attackers to easily impersonate anyone.
“In the future, I assume attackers will also try to target smart offices, smart homes, and self-driving cars,” said Hakak.
While the professors agree that small businesses are not as likely to be attacked as larger institutions, there are still threats out there for those operating a business of any size.
Dr. Ghorbani says the biggest attacks that face small businesses are stolen intellectual property, stolen data, and loss of work hours should an attack take place.
“Lack of education could bring down their entire system for some time and that would mean they are unable to do their work,” said Dr. Ghorbani. “Cleaning the machines and bringing them up again following an attack could be time-consuming and they may not have the expertise to do that, so they have to hire computer companies to come in, clear their system, and bring up their servers.”
To avoid cyber-attacks, Dr. Hakak says one of the biggest challenges is to convince people to follow the proper guidelines in avoiding becoming targets. Taking steps like making sure users use different passwords for each account is tedious, but goes a long way in ensuring their information is protected.
“Once you know these are the guidelines, you need to follow them, but people are quite lazy,” said Dr. Hakak. “That’s why it’s very important to address these issues and invest a lot in making people aware.”
Liam Floyd is a reporter for Huddle. Send him story suggestions: [email protected].
Gloss