US President Donald Trump was recently diagnosed with COVID-19. How he contracted the virus illustrates that anything is hackable.
Often, people ask if certain apps, websites or services are safe to use. Will my information be private? Will my data be logged? If so, who has access to that data? Will my data be shared with a third party? What steps can I take to protect my personal and private information? All of these questions fall under the cybersecurity umbrella. While we can take precautions and practice good cyber-hygiene, nothing is 100% secure.
Most people won’t want to hear that and they likely don’t believe it. They think their information is perfectly safe in the cloud or wherever that information is stored. The truth is, while those places might have tight security, anything can be hacked if someone has the proper set of skills, tools and time.
A really great way to illustrate this point is with the COVID-19 pandemic. Globally, humans are taking precautions. We’re social distancing, wearing masks and gloves, washing our hands many times throughout the day and limiting our exposure to people who could be sick. People who have underlying medical conditions are isolating themselves while people who experience health privilege are willing to take more risks. This is how the world functions with cybersecurity as well, we all do what we think is best for our businesses and ourselves to keep our information safe.
But yesterday, United States President Donald Trump was diagnosed with COVID-19. This is someone who is highly protected, tested regularly and is taking precautions. People who sit in the first several rows at his rallies are tested before they’re allowed to be that close to him. He is always surrounded by secret service personnel to keep people at a distance. He is one of the most highly protected people on the planet. And he still got COVID. How? One of his close personal aides contracted the virus and spread it to him.
This is EXACTLY how a cyber-attack works. The nefarious program or hacker trying to gain access to sensitive information can try to penetrate the walls you have set up. Maybe they get in that way through a weakness, maybe your security is solid enough to keep most attacks at bay. But when that hacker gains insider information and steals credentials, they can slip right in and do serious damage. Just like COVID-19.
We’ve said before, access is the first step. It doesn’t matter where that access is, if it’s the public Wi-Fi network or something else, once an attacker has access, they can get anywhere. It’s like scoping out someone’s medicine cabinet in their bathroom, once you’re in there, you learn a lot about that person. And once you ask to go to the bathroom, you then can scope out the rest of the house without anyone questioning why you are there.
The point we’re trying to make here is that it really doesn’t matter how secure you think you or your business are, you can always be hacked. If the President of the United States can get COVID-19 from someone he works with, then an attacker can get access to your systems simply by hacking one of your employees and getting their credentials. Set proper IAM controls using least privilege, utilize MFA, reduce your surface area for an attacker to exploit. As with most crime, the criminals perpetuating these attacks want easy targets. They want to grab and go or hit places that aren’t paying attention to security. Don’t make it easy for them, and if you’re unsure if your security is where it should be, hire or consult an expert to help!