Most popular cyber threats you can encounter
Most popular cyber threats you can encounter
Let's start with a few words about yourself.
I’m Adam, and I've been working in Leon for seven years. Now I'm DevOps / Site Reliability Engineer, with a total IT experience of about 15 years. My responsibilities are to keep things running. This includes developing and monitoring cloud infrastructure, building and deploying systems for Leon’s application and some automatizations for developers. And of course, troubleshooting in most complex cases.
How did your story with Leon Software begin?
When I was fired from my previous company (which went bankrupt shortly after that...), I applied for a few offers. I've chosen Leon because I’m personally interested in flying and I had a nice conversation about motorcycle mechanics with a funny guy during the interview. Later it turned out that he is the vice president of the company.
What are the most important tasks of DevOps Engineer work?
My most important task is to be unnecessary. When everything is working fine nobody needs DevOps. So I’m ensuring that the application is accessible and, if possible, functional to customers. Also safe, as much as possible at least. My efforts are constantly being sabotaged by developers, customers and sometimes management, so I'm very busy counteracting these attempts.
Why is data protection so crucial for companies?
At some point companies are data. If you lose access to your data, it probably means that you will lose your job very soon. However, sometimes it only means that you are taking part in the standard employee dismissal procedure... But jokes aside.
The primary face of data protection is to be sure that no one unauthorised has access to it, especially if data are sensitive. Just imagine how happy your competitors would be if they had access to your database. Or, especially if you live in the USA, how happy your clients’ lawyers will be after the public leakage of their data. Regardless, I can bet that you don’t wish to read your private emails on public websites.
What are the people's reactions when you talk about cyber security outside of your company?
Most people don’t believe that “this” can happen to them. Until it does.
“This” can be losing a laptop with an unencrypted disk, clicking suspicious links, setting the same password everywhere, and keeping outdated software. Sometimes "this" is just to have an approach like: “that security rule will cause too much hassle” or “I will do this backup tomorrow”.
But remember, I'm not talking about it to scare anyone... Well actually, I do it to scare everyone. It's better to be scared now and do something about it than to wake up with the data of your clients posted on a thread in the darknet.
Do people often click on Phishing scams?
I hope not. But I know sometimes they do. And often this is a very expensive activity. Keeping your antivirus software and browser up to date is much cheaper.
Anyway, be extra careful when you start thinking “I’m not sure if I should receive this invoice/document/invitation, let's check…”. And check twice if everything is right before you start typing your password in the login form.
To paint the picture a bit wider - if you see some suspicious emails with discounts or heritage proposals from a distant relative prince - it's most probably a phishing scam where after providing your private details you might end up with 0$ on your account or a leak in your system.
What does a malware attack mean?
This means that some nasty creatures live in your computer and do things you don’t want them to do. Like rats in your basement, or neighbours in your spouse's bedroom.
But with your computer.
How much damage can a ransomware attack cause?
At least a few hours (or more probably - days) of your business outage until backup recovery. If you have a backup, and it is usable and resistant to such incidents (not all are). Or you will have to pay a high price to criminals to get your data back, without any guarantee of success. And you will never know if they didn’t sell this data to someone else to make a profit bigger.
Remember that the risk is much higher when you don't have a backup in your system, then you can pay an extremely large bounty or say bye bye to your data.
I suggest reading “Why is data protection so crucial for companies” chapter again before anything happens.
And how about "The -Man-in-the-middle" attack?
Generally, people don’t like him. He is an eavesdropper. But they rarely know that he is here, so they feel safe. Keep your firewall and antivirus up to date, double check website addresses and green lock before you login into your bank account. And feel safe.
The "man-in-the-middle" enters your PC mainly by creating a clone of a free WiFi connection, so your connection to it lets him be a middleman and watch all your movements, even money transactions.
It is worth mentioning that thanks to the fact that encryption of connections on various services is becoming more widespread, this type of threat has fewer and fewer opportunities to extract something of value from you. This does not mean that it is worth opening every free wi fi in the food court
Could you tell us what the future holds for cybersecurity?
I wish I knew. I would be a rich man. Or it would mean that I work at the NSA, GRU or Mossad.
But I can advise two things. Firstly, if something is encrypted today, it means that this is safe today, but someday in the future, this will be easy to read. So don't leave your laptops inside the buses, even if they're encrypted. Laptops, not buses.
Secondly, the internet is a battlefield of modern wars. So you can unexpectedly find yourself on the frontline, especially if your business is strategically important. Keep your head low and stock armoury.
So how to talk to my boss about cyber security in my company to convince them this is a very serious thing?
“Boss, if you don’t want to listen to me today, then I will come back tomorrow and I will say: <<I told you so (or at least I tried)>>”. Usually, they don’t like to risk hearing phrases which sound like “you were wrong” enough to listen to you.
And if your boss is an exception, send him/her this article and just after sending turn off the main server for 10 minutes. Ok... Maybe five minutes will also do the same job.
And at the end, I will give you a tip, even if you didn't ask: your company shouldn’t have a non-redundant single point of failure (like the main server) the unavailability of which causes interruption of the entire company operations.
Thank you for the interview
Sure, Thanks
Not yet a member of Leon community? Contact our Sales team to find out more or jump straight into the 30-day free trial.
TAGGED WITH