Why we fight: An homage to National Cybersecurity Awareness Month

The scene: An elderly couple enjoying their retirement. Sitting on the sofa watching a TV show about Alaskan gold mining.

Suddenly, the phone rings.

The elderly woman answers the phone. The voice on the other line is not a familiar one.

“Good evening ma’am,” a strange voice says.

The stranger then proceeds to tell the woman that he is an official in Mexico, and that her grandson is being held in a Mexican prison. Lucky for her, the stranger informs her that he already has her credit card number, and will only need her to answer a few more questions so the bail money can be wired to Mexico, at which point her grandson will be released from his dark, cold jail cell.

At that moment, her husband rises from the sofa and walks over so he can press his ear up to the receiver and listen in on the conversation. As the stranger starts talking about how quick and easy the process of posting bail is, the man decides that this story is just too unlikely.

With anxious hesitation, he grabs the phone from his wife and then hangs up. He then calls all of his grandchildren, only to find that none of them has ever even been to Mexico.

The skim >>> the scam

This story is real. The elderly couple is my grandparents, and I have never spent so much as an hour inside of a Mexican prison. When I speak about security, I always open my presentation entitled “EMV Credit Card Chips and You” with this story.

It turns out my grandparents had their credit card data stolen at a gas station in Florida. A device called a “skimmer“ was installed on one of the terminals. The skimmer stole the magnetic stripe data from the card. This data eventually made its way into the hands of the criminals who tried to use it in a variation of what the FBI calls “The Grandparent Scam.

In my presentation, I talk about how the new EMV credit cards thwart skimmers, and about how important it is to use encryption to protect yourself online.

Security Week: It lasts all-year-long

As October is National Cybersecurity Awareness Month, here at Hyland, we just finished observing it with our annual Security Week.

For one week each year, our application security team gets to immerse our fellow Hylanders into our world, the world of Information Security. Throughout the week, we host presentations on topics ranging from home security configuration to advanced cryptography. Volunteers also staff instructional demo booths and walk employees through the process of hacking vulnerable systems, so they can learn about the threats posed by unpatched, outdated, and unsecure software.

Late at night, Hylanders attempt to overtake their competitors in our own version of “Capture the Flag,” a security and penetration testing game where real-life hacker skills are put to the test. By learning to think like the bad guys, we better position ourselves to expect the type of attacks they use, so we can defend ourselves and our solutions accordingly.

Naturally, these proactive security measures help protect our customers’ information.

Staying vigilant

My grandfather is a WWII veteran of the U.S. Army Air Force. He worked hard from the time he was a teenager clear through to retirement. Of all the storms he has weathered throughout his life, who could have predicted that a cyberattack would be the one that almost separated him from his life savings?

Every victim of a data breach has their own story, and many have to make their own frustrated calls to banks and credit card companies, nervously trying to figure out how they’ve been affected.

When I think about the effects of our security efforts, I don’t count our victories in terms of the number of password hashes upgraded from SHA-2 to PBKDF2. I think of all of the weapons we’ve provided our customers with to protect people like my grandparents from cybercriminals.

This year’s theme for Security Week is “Security Week goes to the movies.” Of course, Hollywood doesn’t get every detail correct when it depicts the perpetual battles between cybercriminals and “white hat” information security professionals charged with defending software and data.

During my grandfather’s day, soldiers watched a film called Why We Fight, which depicted the dire consequences of allowing the world to be overtaken by fascism. Maybe we need a new Why We Fight movie; one that portrays the consequences of unpatched software, development lifecycles that do not incorporate security, and untrained employees – all in 4K quality.

The scenes in this new movie could show the frustrated phone calls of the victims instead of inaccurately glorifying the continuous command line entries streaming down the antagonist’s monitors. This film will not be like The Matrix. No dodging bullets in slow-mo, no kung fu, and no offense, but no Keanu.

Until Hollywood does a better job of telling the story, myself and the other members of the Hyland Application Security team will be here each fall, training the good guys (and good gals!), and making Security Week as fun and informative as we possibly can. Because, in the end, it’s all about sharing best practices to keep everyone’s information safe – ours, yours, and most importantly, everyone’s grandparents.

Josh Gatka

Josh Gatka

Josh Gatka has worked in Hyland’s Quality Assurance department for four years. In 2016, he assumed the role of Hyland’s Security Evangelist. His mission is to train and educate industry professionals on how to protect themselves and their organization from today’s advanced cyberthreats.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may also like...