In keeping with my unintended theme of late, FBI Cyber along with partners at the DoD Cyber Crime Center have released an advisory detailing Iran's targeting of US critical infrastructure and businesses.
 
Are you reading this next line?
 
The reason I am asking is because I know these headlines can seem redundant. They seem redundant because they are redundant. FBI Cyber has spent most of the last year continuously warning and advising about multiple state actors sponsoring or perpetrating nefarious cyber activity against US targets.
 
Why keep writing about it?
 
I keep drawing attention to these stories because working in my field for so long has made one thing painfully clear to me. The public still largely cannot conceptualize the threat of cyber attack/crime. I have developed a theory on this issue over years of teaching security awareness at various businesses and organizations. People are naturally predisposed to respond to and therefore understand threat that is within their physical scope of influence. Threat of violence, burglary, auto accident, house fire etc... these are things that are natural and simple for the ancient brain to wrap itself around. Technology however, has created an interesting alternate reality for our simple little brains. Today we have a vague sense of a "self" on the web. A digital identity that is neither physical or spiritual but electrical. 1's and 0's stored, processed and transmitted over millions of miles of cables or radio waves stretching from one end of our little blue planet to the other. THIS is NOT simple for our ancient brains to wrap themselves around. The 'threat" is vague, nuanced and difficult to articulate.
 
My email was broken into? How should I feel about that? Is that supposed to feel like someone breaking into my car or house? Should I feel violated? Exposed? Unsafe?
 
Often when dealing with the aftermath of cyber crime I have spoken at length with victims and they do readily express feeling of discomfort and frustration but they are also often unclear on what they feel. It is not obvious how they should emote. They are often dealing simultaneously with realizing for the first time that they CAN BE victimized digitally and wrestling conceptually with what that means. It is not obvious or simple.
 
Does it feel like we got a bit off track? I hope not.
 

My point is this. Just because it isn't easy to understand how a government, organization or individual thousands of miles away can target, damage or destroy your personal life, finances or business reputation, doesn't mean it isn't TRUE.

Harden the Target, Stay Vigilant!

#realtechsupport #realcyber

Reflections on article tagged below: