The National Counterintelligence and Security Centre (NCSC) has launched a public awareness campaign with the aim of improving the response of businesses to cybersecurity threats.
NCSC, part of the Office of the Director of National Intelligence, launched the “Know the Risk, Raise your Shield” campaign in response to the growing threat that cybercriminals pose to businesses and organisations in the United States. Various forms of cyberattack, ranging from phishing to ransomware, are on the rise. Sectors that deal with sensitive information, such as the healthcare sector and financial industries, are particularly at risk of attack. Credit card numbers and health information have huge black-market values, making them potentially lucrative targets. A successful phishing or ransomware campaign can earn a hacker thousands of dollars with very little effort on their part.
Although organisations understand the risk of cyberattacks, very few have implemented a security framework which is robust enough to mitigate the risks of such an attack. Various studies and surveys have shown that employees often lack adequate training on data security issues, and therefore are more likely to fall victim to a phishing attack. Organisations often do not have strict password policies, and fail to implement basic security measures such as two-factor authentication that would limit the risk of an unauthorised individual accessing sensitive data.
The “Know the Risk, Raise your Shield” campaign hopes to address some of these issues by suggesting simple measures that an organisation can take to improve the cybersecurity framework and data protection culture in their organisation.
The campaign places an emphasis on five particular points for organisations:
- Strengthen your passwords
- Lock-down your social media accounts
- Delete suspicious emails
- Don’t expect privacy when you travel
- Know who you’re talking to
Most of these points are relatively straightforward. Strengthening passwords is a best practice and simple security measure, as is protecting social media accounts. Deleting suspicious emails will help prevent phishing attacks, the majority of which occur over email and which are often the cause of the largest data breaches. “Know who you’re talking to” is similar, but is aimed at preventing “vishing”, or voice phishing, which occurs over the telephone. Organisations are instructed not to expect privacy while travelling, as electronic equipment can be interfered with and spyware installed.
There has been a worrying trend of nation-state-financed threat actors targeting private sector firms in the United States to gain access to sensitive information and proprietary data, and compromising supply chains. Russia is the most infamous of such threat actors, although state-sponsored hackers from China, North Korea, and Iran are also attacking U.S. businesses. Independent threat actors also pose a significant threat.
“The attacks are persistent, aggressive, and cost our nation jobs, economic advantage, and hundreds of billions of dollars,” explained NCSC Director William Evanina. According to the Director of National Intelligence’s website, the NCSC is “dedicated to raising awareness among government employees and private industry about these foreign intelligence threats, the risks they pose, and the defensive measures necessary for individuals and organisations to safeguard that which has been entrusted to their protection”.
A series of training videos has been posted on the following topics:
- Social media deception
- Social engineering
- Spear phishing
- Travel awareness
- Human targeting
- Supply chain risk management
- Economic espionage
Posters, brochures, and flyers are also available for download from the NCSC to help raise awareness of the threats among employees. The training materials can be accessed on the following link.