As 2020 wound down, news broke of an extensive cybersecurity campaign that impacted as many as 18,000 U.S. organizations, including most federal government unclassified networks and more than 425 Fortune 500 companies. Those private and government customers downloaded legitimate, but corrupted software updates.
Federal and corporate leaders said the sophistication and scale of the attack was stunning, and its future impacts unknown.
Leaders of the country’s utility companies were concerned the campaign could even pose a threat to the power grid, a long-imagined cyberattack scenario whose impacts on heating systems, hospitals, cell service and transportation have been likened to an electronic Pearl Harbor.
While much about the attack and its fallout is still unfolding, what’s abundantly clear is that if the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency – included among those 18,000 victims – can suffer a cybersecurity attack, anyone can. And that the fallout from seemingly high-level attacks can trickle down to impact all of us.
That makes cybersecurity an issue about which everyone should be concerned.
“The scale of these operations means they’re targeting everybody in the world,” said Viasat Technical Director Lee Chieffalo, who specializes in cybersecurity for the company’s government sector. “Attackers are gathering information now that can be used against any possible target in the future. So it’s not just what your data can tell them about you now; it’s how it could be used against you five, 10 years from now.
“Additionally, it’s a bigger game than just you. Attackers need computer resources in order to conduct some of these large-scale attacks on bigger businesses, and they might use yours.”
Sophisticated hackers employ botnets to conduct large-scale operations. A bot is a software application or script that performs automated tasks. They can be used to take remote control of an affected computer, all without the user’s awareness. Hackers can then form a botnet – a collection of compromised computers with autonomous software that a hacker manipulates remotely – which can be used to overwhelm and shut down a company’s network.
Protecting against cyberattacks
Taking steps to protect your own computer systems and connected devices can also help protect others.
“It’s like wearing a mask during the coronavirus,” Chieffalo said. “You’re not just protecting yourself. You’re protecting other people, too.”
Here are a few ways to minimize your chances of a cyberattack:
- Use multi-factor authentication whenever possible.
In most cases, this comes as a one-time-use numeric code sent via text or through a smartphone authenticator app. Learn how to set this up in this PC Mag article.
- Change passwords regularly and use a password manager.
Password managers store the login information for all your websites and let you log into them automatically. These tools encrypt your password database with a master password – only one you must remember. Don’t know which one to use? CNET recently did a roundup of the best options for 2021.
- Use a VPN
A virtual private network creates an encrypted “tunnel” between your device and a remote server. Originally created to securely connect business networks together securely or allow users to access a business network from home, it’s also great for protecting your information while using public Wi-Fi, access streaming content from other countries, or gain access to some blocked websites. Find out about the best free and paid VPNs.
- Do a little research before buying your next IoT device.
Everything in your home that has an internet connection – including smart light bulbs, picture frames, refrigerators and security cameras – is also a potential playground for hackers. Research shows 98% of all internet of things data traffic is not encrypted, and once a device has been compromised, a hacker can leapfrog to other devices on the network. So change the default password, restrict supporting apps and update your devices regularly. And don’t always buy the cheapest IoT device; companies often sacrifice security for cost. That’s a tradeoff that can come with a steeper price down the road.