March Madness | WARNING! Hackers On The Court –  By Ron Frechette, The Cyber Guy
Cross-posted from The Park Press

As the dramatic end of the 2016-2017 NFL season fades into our memory banks, all sports enthusiasts are now pivoting our collective attention to the sounds of squeaky sneakers and bouncing basketballs.  We call this collegiate sports phenomenon… March Madness! I would bet many of you reading this article already have the fever! As we progress in learning more about cybersecurity, it’s important to understand how hacking and cybersecurity began.  So, for March Madness month, I decided to mix it up and share a double dose of historical enlightenment.  In my research, I found a few interesting parallels between the history of March Madness and hacking.

History of March Madness

The term “March Madness” dates back to the early 1900s before television even existed. It was officially coined “March Madness” in 1939 by Henry V. Porter, a high school teacher and basketball coach in central Illinois. The tournament evolved from a statewide high school invitational event into what is today a nationally-recognized tournament of the most successful college basketball teams across the U.S. Whether we watch the games or not is irrelevant.  We hear our co-workers, friends, and family talk about getting their “brackets” completed in hopes of making it to “The Final Four” and winning the pool.  The number of people involved in March Madness hysteria has steadily increased over the years due to the increased “AWARENESS” of the tournament.  The American Gaming Association estimates over 70 million brackets will be completed and over $9 billion in wagers will exchange hands in 2017. Staggering statistics for a month of college basketball. For the record, the NCAA disapproves of any type of gambling in collegiate sports.

Question: Have you ever seen cybersecurity awareness promoted like March Madness?

History of Hacking

The term “hacking” also dates back to the early 1900s, when British magician Nevil Maskelyne hacked into Guglielmo Marconi’s wireless telegraphy device as he was attempting to publicly demonstrate his claims of having a secure and private communication device.  In 1939, the same year Henry Porter coined “March Madness,” the term “hacking” became popularized when Alan Turing and a team of mathematicians played a vital role in cracking the Nazi’s coded messages which were estimated to shorten the war by two years and saved over 14 million lives. Turing is considered by many to be the father of modern computer science. Fast forward to 1989, when the Internet set the stage for the Information Age which drastically transformed the way we live and conduct business across the world today.  Massive amounts of data have been uploaded into cyberspace, much of it unencrypted and available on demand. The information varies widely from top secret government warfare plans, to corporate trade secrets, down to our personal healthcare, banking and/or credit card information. In 2016, over 90 million individuals were victims of cyber-attacks. Crimes in cyberspace cost the global economy over $445 billion.  That number is expected to double in 2017 and so far, the signs are there.  Cyber-attacks are coming at us in all shapes and sizes. Ransomware attacks, IoT attacks, and data thefts are the most common today. The costs related to downtime, lawsuits, civil penalties, stress and headaches caused by cyber-attacks for individuals and small-midsize businesses are devastating!  Sixty percent of small businesses that experience a cyber breach are out of business within 6 to 12 months.

Question: If we gave cybersecurity the same level of attention we give March Madness, would we be less likely to become cybercrime victims?

AWARENESS is the Key…

Most of the cybersecurity AWARENESS attention over the past decade has been directed toward government agencies and large enterprise companies.  Why?  Because cybercriminals have been having a field day stealing all their sensitive data.  Breaches such as the DNC, Target, Home Depot, State of NY, and JP Morgan Chase have forced enterprise-level CEOs to make cybersecurity a top priority.  Now that enterprise organizations are getting better with security, cybercriminals are focusing on small-midsize businesses and individuals knowing they are extremely vulnerable due to a lack of basic cybersecurity AWARENESS training. As the crime trickles down, so must the AWARENESS, education and training. The fact is, most IT security consulting firms are still trying to keep up with the demand for services from the enterprise world, which has left small-midsize businesses severely underserved. It’s important to note that cybercriminals always attack the low-hanging fruit as a priority.  About 90% of the general population falls into this category. So, let’s wrap up by sharing some basic cybersecurity hygiene tips.

Cybersecurity Hygiene Tips

The following 8 Security Hygiene Tips will take you out of the low-hanging fruit category which will dramatically reduce the risk of you becoming a victim of a cyber-attack:

• Conduct an Annual Risk Assessment of your current network, applications and devices
• Ensure Anti-Virus Software is active and always updated
• Continually Update and Patch all software (OS, Adobe, Browsers, Applications, etc.)
• Restrict User Permissions of your network and devices
• Conduct Monthly Vulnerability Scanning of your network and devices
• Participate in Annual Security Awareness Training
• Encrypt Data at rest and in transit
• Conduct Annual Penetration Testing

Our goal each month in writing about cybersecurity in The Park Press is to arm our readers with good security hygiene practices that will reduce the risk of cyber-attacks.  Please share your thoughts or questions.  Wishing you all a safe and secure March Madness season!!