A few years ago I was involved in a pretty dramatic incident regarding my name being misused and abused online. I'll spare the specific details, but the important element—for the sake of this blog post—is that my personal, professional, and online security were compromised.
I spent an ungodly number of hours working with lawyers and my local police department to stop what was happening. The name I went by professionally took a hard beating, and as a result I mixed and matched my former married name with my legal name and every iteration thereof as a way to throw off the menacing harassers. (Hot tip for all of the people considering marriage: Take on your spouse's name. Even if you get divorced, having variations on your name comes in really handy.) As far as my identity was concerned, I dove underground and stayed there for almost two years -- which is quite difficult when a significant part of your job is done online and involves having something of an online persona.
It was a harrowing time and I remember feeling as though I was going to crack under the pressure of it all. Slowly but surely, my professional name and I were able to crawl out from the rubble, but the experience left an indelible mark on how I viewed the internet and the world of cybersecurity.
When Cyber Attacks Happen
My incident wasn't a ransomware attack, per se, but money was involved to get my harassers to undo the damage they'd done to my online persona. I was already getting harassed and stalked through social media, so the thought of having my data—aka, my address, phone number, etc—published for public consumption was paralyzing.
Even though my incident was more harassment than cyberattack, it completely shaped the way I view cyberattacks and how companies handle their own cyber security. That adage of "you won't care until it happens to you" really does ring true here.
We've published a few pieces on the site recently about the cyber-incident that happened at JBS. Earlier this year we posted something about Molson Coors' cyberattack as well. Being cyber-attack sensitive like I am, I suspected we'd also have a number of readers who would appreciate the severity of the situation and would click through to read the articles. Boy, was I wrong.
I'm sure there were a handful of people who enjoyed the schadenfreude of it all. There's a certain David and Goliath feel to large companies being taken down by small hackers. But the more we reported on the topic of JBS and cybersecurity, the fewer people seemed interested in reading. In fact, if you've clicked into this blog post to read it and made it this far, you might just be my new best friend.
I can't help but wonder: Why don't more people care about cybersecurity?
Cyber Insecurity
I'm doing my prep work for a podcast episode coming up with a renowned cybersecurity expert. I have so many questions I want to pick his brain about, but chief among them is: Why doesn't anyone seem to care about these cyberattacks outside of the IT departments for the companies they're happening to?
When I was dealing with my own issue a few years ago, I enacted every security measure that an everyday person like myself could find. I'm two-factor authenticated on everything, I have passwords that make most people cry (or laugh depending on your sense of humor), I don't respond to text messages, emails, social media messages, or phone calls unless I know the person contacting me. I use name variations if I think something seems askew with a website I need to submit my information to for work. I stopped doing the stupid quizzes and Facebook lists people post asking about my first pet, my favorite meal, the street I grew up, etc. I became a one-woman cyber-army and that was just for my own safety, never mind if I was in charge of data for anyone or anything else.
Having read a lot more about cybersecurity in the last few years and seeing its impact first hand, I'm absolutely dumbfounded that so many people are flippant about it. Do people have a case of SCE (small click energy)? Is this like the COVID-denier mentality that it's a ruse or that it's fake? Are people perhaps uncomfortable with their own cyber insecurity? Or, as I fear, do people really just not care because they feel it doesn't affect them?
At least once every two months, we get emails from our cyberteam at Putman reminding us of proper cyber-hygiene and so far, we've been pretty safe. Our teams span the generations, so it's not a matter of youngin vs. old fart. It is possible to have strong protocols in place to prevent cyberattacks, but how do we get more people in bigger companies to care enough to enact those?
Make it make sense, dear reader. How do we get more people to take an interest in their (or their company's) cybersecurity?
