Much of one’s defense against cybersecurity threats can be derived from the same methods the attackers use. Operations security, or OPSEC, describes a set of techniques developed by the United States military to prevent information from falling into enemy hands. Hackers often rely on OPSEC to keep their activities unnoticed, but many of its principles can be used defensively as well.
For instance, awareness is a key tenet for practicing effective operational security. Every action taken exposes the practitioner to a certain level of risk. Defensively, many of these risks aren’t heavily relevant. But others, such as opening email attachments and unfamiliar documents, increase the threat level significantly. As cliche as it may seem, email attachments and scam websites are still the quickest and easiest ways to perpetrate a data heist. Being aware of this reality is one of the quickest ways to avoid falling victim to it.
Surprisingly, the most effective tool in a data thief’s belt isn’t technical at all. A technique known as social engineering has an attacker pose as a technical support representative or other individual with perceived authority, requesting sensitive information under the guise of solving a problem. Even the most sophisticated security firms fall prey to social engineering, as this hack on one of the world’s largest security companies demonstrated.
Combat social engineering by verifying any official contact. If someone calls claiming to be from a major company, ask for a direct extension and call the number listed on the official site. This screens out scammers in fake call centers, since they are unable to intercept outgoing calls. Likewise, never provide passwords or other identifying information in response to unsolicited contact. Further, any official business can be conducted without personal passwords, and anyone requesting one is likely perpetrating social engineering by claiming that one is necessary to access account details.
The threat of cyber crime is certainly very real, and its methods change every year. Despite this, most hacks employ the same basic techniques regardless of how big or small the target is. By learning the basics of good operation security, and by defending against social engineering, most of the common attacks can be stopped immediately and effectively.