Friday 24 July 2015

Honored Quinnipiac cybersecurity expert dispenses advice

Quinnipiac chief information security officer Brian Kelly, of Cheshire, knows a thing or two about keeping information safe from hackers.

Although in the movies cybersecurity experts run to cut hard lines to mainframes and battle viruses that display flashing skulls on monitors, the true day-to-day life of a cybersecurity expert is much more dull.

An average day is uneventful, but the general public usually only hears about cybersecurity when there has been a breach. “We’re winning all the time,” Kelly said, but it only takes one breach for a damaging theft of private data.

“Awareness is big,” in keeping yourself safe, Kelly said.

One of the most common ways to gain access to private information is phishing: getting users to voluntarily disclose their passwords through deception. The classic example is an email posing as a system administrator or popular website, with a link to a false login page.

Norton, known for its popular antivirus program, advises that users be wary of emails asking for confidential information, and that they never type their passwords into forms embedded in email messages or click links in emails unless they are sure the messages are authentic. “These days we see some really sophisticated phishing campaigns,” Kelly said.

For the average home user, Kelly said, another tip is to keep software up to date. Out-of-date software often has security vulnerabilities that have since been patched. Firefox, for example, recently pushed an update that temporarily disabled the Flash plugin. “They’re taking the lead, saying we know there is vulnerability there and we’re blocking it until it has been fixed,” Kelly said. He recommends the software Secunia, which is free for home users.

Secunia checks a system to alert the user if some of their software is out of date and needs to be updated. Users should also make sure they have antivirus software installed and up to date, the expert suggested.

The average person should also know that “when we make you change your password,” it’s for a good reason, Kelly said.

Kelly was recently honored by being appointed to the 2015-16 Cybersecurity Canon Induction Committee. He explained that The Cybersecurity Canon, sponsored by Palo Alto Networks, seeks to help create a standard baseline of knowledge for the relatively new cybersecurity industry. Books range from technical manuals to history and even popular literature, such as “The Girl With the Dragon Tattoo” by Stieg Larsson.

“The Cybersecurity Canon was created to identify a list of must-read books for all cybersecurity professionals,” Rick Howard, Palo Alto Networks’ chief security officer and 2015-16 Cybersecurity Induction Committee chairman, said in a statement. “These are books in which the content is timeless, genuinely represents an aspect of the community that is true and precise, reflects the highest quality and that, if not read, will leave a hole in the cybersecurity professional’s education that will make the practitioner incomplete.”

Books in the canon must portray significant history or milestones, or describe technical details in ways that “do not exaggerate the craft,” according to a press release.

“The Cybersecurity Canon is a great opportunity to engage with thought leaders across industries and disciplines,” Kelly said. “It is awesome to be a part of something that gives back to the cybersecurity community and helps strengthen and develop the field.”

For Kelly, the canon is the first step toward developing standards that modern systems need. He compares this generation of computers to early cars – not all of them have seat belts and airbags, and there are no crash test ratings. “We don’t have seatbelts standard. We haven’t gotten to the point yet where systems are inherently secure,” Kelly said.

View the original content and more from this author here: http://ift.tt/1JC9iWy


