Cyber is a threat that we all, directly or indirectly, have and will face in the future.
There is a dramatically heightened concern about hacks to our banks, power grid and other institutions because of the Russian Invasion of Ukraine.
According to the FBI, over ⅓ of all successful cyber attacks come from a Phishing Attack either against our personal information, or the company/organization we work for. We have had “traditional training” regarding cyber security and prevention for years. With this being the case, why are Phishing Attacks so successful?
Cyber attacks have two types of impacts on our lives: Direct and Indirect. Direct is when they hack our personal business or our family directly. The indirect is when they impact parts of our economy and communities that impact how we live our lives.
The impacts could be shutting down banks so we can’t get our money, can’t buy groceries or put gas in our vehicles. Hacks could impact the electrical grid so that we lose power in our homes, businesses, cell service…..the list goes on. Most people today have not thought about how this would impact them. They are not prepared for these types of disruptions.
The most direct threats we all see as individuals are the Cyber Phishing Attacks that are targeted against us. You get them now both through emails and text messages.
I weekly get a text message that asks me to “click on a link” to win a prize or to check on the delivery of an item.
I recently got a text that was wanting me to call to verify that I ordered a MacBook Computer. I had not ordered a MacBook Computer. This was a scam where they wanted me to call where they would attempt to get personal information from me (address, social security, credit card) to try and clarify the discrepancy. If I would have done that, they would have had all the information they needed to use that card for their purposes.
Some people reading this are already aware of these types of phishing scams that are out there. The problem is, unfortunately, that most people do not know and are taken advantage of on a regular basis.
Even those of us that are “normally” aware of what these attempts are all about, get reeled in because we do not have the Situational Awareness Habits, Behaviors and Mindset to be able to recognize this attack, every time. We have and fall susceptible to “Normalcy Bias”.
What is Normalcy Bias? It is when we dis-believe or minimize a threat. At the moment we get that email or text with the link that they want us to click we do not see it as a threat so we go ahead and “click it”, opening up the “can of worms”.
Any time you get an email or a text message asking you to verify something, you need to use your critical thinking skills to question that email or text.
Let me use the text example above to illustrate what I am talking about, because the coincidence of this text made it dangerous. It is when there might be a rational explanation for something that we get in trouble, if we don’t have a process that we use each and every time.
My wife and I had just talked the day before about getting a new MacBook Computer for our youngest. It would have been very easy for me to look at this text and come to the conclusion that my wife followed through with that conversation and ordered a new computer. The reason I received the text was because the credit card company wanted to confirm the actual order.
I took a breath, and instead of following through on the text, I contacted my wife to see if she had indeed ordered a MacBook. She had not.
Now with this text, where they wanted me to call, I had an additional opportunity to not be scammed if, when I called the number, I got a “gut feeling” about why they were asking me to verify my credit card information. NEVER do that!
How do we keep from being victims to these attacks? The traditional “cyber” training that has been going on for years is not working.
The first step is to develop Situational Awareness Habits, Behaviors and a Mindset so that we are continuously ready for these types of threats.
Step two is to ensure that we are aware of the threats, and to make sure the people around us (colleagues, family members, friends) are aware. You can’t prevent something from happening if you aren’t aware of it.
Step three is to ensure we develop and learn the critical personal skills that are required for us to address these types of threats. We need to be Perceptive, know how to Think Critically, be able to make Decisions, and we need to have Learning Agility so that we keep up with and are prepared for the next type of attack that might be coming to our inbox or our phone.
Being Prepared is how you keep yourself from being a victim to these types of Cyber Attacks.