Improving cyber hygiene to prevent catastrophic technology outages
Millions of computer systems going down at the same time; emergency services, travel, and financial systems disrupted; and global shipping halted. It’s the type of technology catastrophe many envisioned would happen during Y2K, or some far-off dystopian future, yet the CrowdStrike outage happened in 2024 and the world was woefully unprepared. While the exact cause is still being investigated, the culprit seems to have been a bug in their software.
It’s hard to comprehend living in a world where flawed or buggy code can take down so many critical systems and drain $5 billion in direct losses from Fortune 500 companies. And, it’s true that there’s no easy fix to this kind of problem. But whether it’s preventing bad software updates or maintaining compliance among constant requirements and changes, organizations can implement several practical measures to improve their cybersecurity hygiene and reduce their risk exposure.
Here are four key areas to focus on:1. Strengthen Employee Awareness and Access Controls
Social engineering attacks have nearly doubled since last year, accounting for 17% of all data breaches. In the past, email phishing attempts were fairly easy to spot because they were often filled with spelling and grammatical errors, and the email address they came from usually looked suspicious. Now, generative AI tools like ChatGPT allow attackers to create phishing emails that look very credible and might not be caught by spam filters.
New employees in particular are prime targets for cybercriminals. There’s a common phishing scheme where bad actors will use LinkedIn to find employees that have recently joined a company, then send them a text message pretending to be the company’s CEO. They’ll ask the employee to purchase gift cards and then send them the card numbers, scamming them out of hundreds or even thousands of dollars. In 2020, hackers gained access to Twitter’s systems through an employee phishing attack by calling customer service and tech support employees and instructing them to reset their passwords. That’s why it’s more important than ever to implement comprehensive security awareness training for all employees, especially new hires.
Another way companies can protect their systems from phishing attempts and other types of scams is by implementing role-based access controls (RBAC).
