If you Google “The first rule of camping”, the top result is “start the camp before you start drinking.” That’s sound advice, but it’s not really the first rule. The first rule is: always go camping with someone who runs slower than you. That way, if you run into a bear, you don’t have to outrun the bear – you just have to outrun your friend.
This is a good camping rule; it’s also a good cybersecurity rule.
Cybercriminals go for the easy targets
The bear doesn’t really care who his lunch is, right? He’s going to grab the easiest lunch and then sit and enjoy it. Let’s say there’s a camper on the ground and a camper sitting on a tree branch: which will the bear go for? The branchy camper is the lucky one today.
This applies to cybersecurity too. Unless you are specifically being targeted, if you’re difficult to compromise, the bad guys probably won’t bother as long as there are easier targets around… And there are always easier targets around.
What makes you a more difficult target?
- A good spam filter, web content filter, ad blocker, and antivirus software
- 2FA on critical accounts (like your email)
- Following the Principle of Least Privilege
- Critical thinking skills - knowing to ask the right questions
The bear analogy is flawed
Once a bear has had his fill of campers, he’ll stop running after you. This doesn’t apply to cybercriminals. Thanks to automation, they can keep going, targeting multiple people at a time indefinitely. So you have to always be difficult, not just until someone else gets caught.
Photo by Richard Lee on Unsplash