Why It's Vital to See Yourself in Cyber
- 10/31/2022
- Read Time : 5 min
Every October since 2004, the US Cybersecurity & Infrastructure Security Agency (CISA) promotes National Cybersecurity Awareness Month, a period of 31 days where the Agency does all it can to promote education, best practices, and helpful toolkits around cybersecurity and data protection, all while encouraging other responsible organizations and people to do the same.
The mantra this year is “See Yourself in Cyber”, but no – it’s not trying to evoke an image of Tron, Digimon, or any other transplanted world. CISA is promoting the simple yet sometimes overlooked truth: We are all already digital in at least some way and it is vital we act accordingly.
Yes, the focus is on the people. CISA, through its educational materials, wants to improve online safety in personal, educational, and professional settings. At PTC, we echo this message: It is important to know about the people in cyber, both its heroes and its villains, so that organizations may take appropriate measures to ensure their data and their reputations are protected going forward.
The “People” Behind Cybercrime
Cybercrime can be broken out by intention. While there are many nuances and minute variations, the motivations of cyber villains fall into four broad categories:
- Accidental: Almost always done by someone inside the company, this type of cybercrime is born of ignorance. An employee doesn’t know about cybersecurity policy or does not understand the nature of digital workflow. Entire network systems can and have been exposed by accident.
- Chaos: To quote the 2008 movie The Dark Knight: “Some men just want to watch the world burn.” Chaos actors may be anarchists or they may be anti-corporation. The exact motivation is not always easy to discern. Regardless, it does not fully matter. This group is most likely to simply delete the data it gets ahold of, rather than ransom it back. Chaos attacks can be devastating as they come without warning and don’t value the data they steal.
- Geopolitical: While most areas of the world have away from open armed conflict, the state of cyberwar is as active as ever. Countries, fueled by the desire for leverage, for advantage, and for retribution, will sometimes orchestrate powerful cyberattacks against one another. Russia, for instance, has been no stranger to cyberwarfare – whether against Georgia, Ukraine, or even the United States.
- Malicious: The maker of countless headlines, malicious third-party cyber attacks are the “classic” form most of us think of first. A criminal breaches a system, steals data, then sells that data – either back to the company or to another bidder. Sometimes, the data is simply released publicly, often if the organization in question is unwilling or unable to pay the ransom.
Four separate motivations, each with numerous tactics and commonly used cyberattacks. While some may speak of cybercrime as a lump collective, it is vital to understand these four motivations as not every criminal is countered in the exact same way. That said, there is a shared foundation of protection – and it may not necessarily be the department you immediately think of.
The People Combating Cybercrime
When talking about cybersecurity and data protection, most people likely think of IT. For much of the early internet, the IT department was looked at as the first and only line of defense needed against cybercrime. However, as more work shifted online, the idea of IT being the only line of defense became outdated, and not just that – but a dangerous assumption.
Think of the four groups listed above, some (especially the geopolitical) have enormous resources. Now picture the IT department of a small or even medium-sized business. It is perhaps a dozen employees, maybe up to 20. 20 people vs. a government agency – not a great contest. And it is vital to remember that these four distinct cyberthreats are always present. There is no taking turns. One organization can be hit with all four groups simultaneously if they are not careful, which brings us to the crucial meaning behind CISA’s “see yourself in cyber” messaging campaign.
The reality is that cybersecurity begins with each of us. If an employee goes online even once a day for their job then congratulations – they are part of the fight against cybercrime…or, with no training, they may find themselves an accidental antagonist. It’s not a simple one-and-done procedure either. Organizations owe it to their employees and themselves to hold regular trainings and updates regarding cybersecurity. Experts like Harvard Business Review have been sounding the alarm on inside threats since 2016, and the danger remains six years later.
To help individuals educate and prepare themselves for the changing realities of cybersecurity, CISA has provided a foundational toolkit for public use. This toolkit provides an overview of basic cyberattack threats, guiding principles to promote safety, and outlines on how to practice cybersecurity in the office and at home. There is no cybersecurity technology that can fully match the potential impact of an educated populace. Data encryption, multifactor authentication, firewalls, and zero trust principles are all important – but if an employee doesn’t know what any of those words mean – then their impact can be reduced or even fully negated.
Cybersecurity as an Ecosystem
Going forward, PTC urges everyone to think of cybersecurity as an ecosystem event. This means that it goes beyond an IT responsibility. It is bigger than any department, any supervisor, any executive. We live in a digital world increasingly like we live in the physical one, and much like you would never say “you only need a roof if you work in accounting,” you should not say “you only need to know about cybersecurity if you work in IT.” See yourself in cyber, and understand that we’re all right there with you.
PTC Trust Center
PTC's hub for information on our compliance with all laws and regulations that apply to our business as well as a resource to learn more about how we protect data entrusted to us.