Poor cyber hygiene to blame for most attacks, says expert

LANGKAWI: An expert has attributed the failure of many organisations and companies to prevent cyber security attacks to poor “cyber hygiene”.

John McCarthy, a senior cyber security adviser at a UK-based company, told FMT that the principle of cyber hygiene was in many ways similar to basic human hygiene.

“It’s about understanding how the simple things we do protect us and others around us.”

He said this meant not doing “silly things” like clicking on phishing emails or plugging in unknown USB drives, knowing who is in the building and who is accessing networks, and not giving away passwords.

“Everyone should receive training, from the cleaner to the CEO. In any company, no one is exempt from fire and safety training, so similarly, no one should be exempt from cyber security training.”

He said it was important for companies to adopt cyber hygiene procedures like barring employees from simply giving away their passwords.

“These are very simple things you’d think people wouldn’t do, but it happens. In cases where someone claims to be from tech support and is asking for your password, make sure they really are from tech support.”

Although 95% of cyber security budgets are spent on equipment, he said, 80% of attacks stem from human error. He warned that even anti-virus programmes were no guarantee of safety from cyber security threats, saying they were “at best, 50% effective”.

Even charging stations at malls and airports could leave users vulnerable to attacks, he added. He also cautioned social media users against publicising their date and place of birth.

“In the UK, a person can apply for a credit card with just those details and your name,” he said.

Likewise, he said, it was easy to access photos on social media sites, even if users’ profile settings were set to private, as the pictures could be accessed through the profiles of second-degree friends.

“You have to assume that any photo you post on the internet is accessible to all. If you take that posture, then you should be aware of the implications of sharing photographs. Never assume it’s private.”

At the ACI Asia-Pacific Small and Emerging Airports Seminar 2018 earlier, McCarthy highlighted the importance of airports protecting themselves against cyber security attacks through inexpensive measures like good cyber hygiene practices.

One of the more recent cases of cyber attacks on airports was in September, when an attack on Bristol Airport in the UK caused display screens at the airport to fail for two days.