When Cybersecurity Knowledge Isn’t Enough
If you had a gold coin worth $4.5 million in gold alone, you would be pretty serious about protecting it, right? Well, the Bode Museum in Berlin, Germany, thought they were serious about protecting the “Big Maple Leaf” coin. After all, museum heists happen mostly in movies, and this particular coin has a diameter of 20 inches and weighs 221 pounds. But if the usual precautions were enough to protect the coin, you probably wouldn’t be reading about it right now. The Bode Museum had all the knowledge and safeguards in place they needed to protect the coin, but that didn’t help them one bit, because thieves were able to load the coin into a wheelbarrow, cart it out of the building, and get away.
How could such a simple robbery be so successful?
Because knowledge doesn’t always mean awareness, and no matter how many articles you read about cybersecurity, nothing beats simple awareness.
Take Urology Austin, for example. On March 24th, they began notifying patients that records including names, addresses, dates of birth, and Social Security numbers had been compromised in a ransomware attack.
So far, the evidence shows that the ransomware entered the system through an employee replying to a compromised email, but that’s not the story here. If you know about cybercrime, then you know that those hackers hit the jackpot in terms of information. Just like the Bode Museum, Urology Austin helped out the hackers by having knowledge but not being aware. Urology Austin didn’t pay the ransom because they had secure backups that restored their systems (knowledge), but they made themselves an easy target by keeping records that were 20 years old.
According to one man, he almost threw the breach notification away when he received it, since he hasn’t been a patient at Urology Austin for 20 years. If Urology Austin had been cybercrime-aware, they would have known how large an attack surface healthcare providers already present, and would have made sure that they were not keeping any medical records they didn’t have to. But they only had knowledge, and that’s why more than 279,000 patients’ records were compromised. It’s impossible to say how many records would have been saved if Urology Austin hadn’t kept them on file any longer than they needed to, but since they’re providing free credit monitoring to all 279,000 patients, you can bet that they’re wishing they had deleted or moved those old records long ago.
That’s what separates the winners from the losers in the cybersecurity war. The losers are the people who know about the threat of cybercrime and do the right things, like having backups on hand. The winners are the ones who do the same things while also having the awareness to know that medical records that are no longer in use are liabilities not worth protecting. It doesn’t matter if you’re a museum or a urology center; awareness is key to making daily decisions that will keep you one step ahead of criminals.
So how can you become aware instead of just being knowledgeable? Simple dedication.
If you’re truly dedicated to cybersecurity, you won’t just try to patch problems; you’ll try to prevent them from ever springing up. As simple as that sounds, it’s an incredibly difficult thing to do unless it’s your full-time job. That’s why so many CEOs and organizations neglect their cybersecurity and pay the price for it down the road. If you don’t think you can totally devote your focus to cybersecurity, find an IT professional and hire them as soon as you can. Don’t go a day more without being aware of what you’re up against; otherwise, you’ll just be helping the hackers.