As I mentioned in my last post, I recently started a new job, a large part of which is covering tech and cybersecurity issues. After five years of obsessively focusing on social media and community management, it’s an interesting change and fun to be learning so much. At the same time, though, it’s kind of terrifying, especially the cybersecurity stuff.
Last week I went to a cybersecurity conference and the opening keynote started with a video called “Cyber Awakening.” I wish I had a link to the video--so far I haven’t been able to get it, but if I do, I’ll be sure to add it because I think everyone should see it. It depicted a simulated but very realistic scenario where a popular new mobile app is released--happens every day, right? People download it to their phones--as we do every day with various apps. Without anyone realizing it, the app spreads malware to the phones it’s installed on, infiltrating the cellular network and spreading the malware to all phones on the network. That shuts down the cellular network--as in, ALL cell phone networks. Government officials don’t have the authority to quarantine individual cell phones or really do anything, and public panic spreads as the outage spreads from cell phones to the internet and other telecoms networks--planes are grounded, email stops working and website publishers and companies can’t access their websites. Widespread public panic ensues. Then in addition to the communications infrastructure shut-downs, the power grid is hit and mass blackouts occur. The financial sector is affected as trading grinds to a halt and the market crashes. The military gets involved and attacks are traced to Moscow. The video ends with the US on the brink of war, with the US in mass panic with no phones, no internet and no power.
Yikes. All from a mobile phone app.
While the video was fictional, the concept that an innocent-seeming app could shut down the whole country and take us to the brink of war is apparently real. Maware spread via mobile apps is happening. While Apple claims that their iOS is completely secure, this recently happened.
And this is just mobile devices. Social media is another big one for cyber attacks. That Facebook outage a few weeks ago? Cyber attack. That Microsoft email outage last week, just a glitch? I doubt it. The World Cup? Cyber attacker jackpot, apparently.
All this has me of course wondering about associations and cybersecurity. Another thing I’m learning about cybersecurity is that cyber terrorists often target specific industries. Associations are hubs for various industries--there’s an association for every industry, right? The perfect target for cyber attacks. Cyber criminals want to gain access to secrets or plans or information specific to a certain industry--how do they do it? They locate individuals who work in key organizations in that industry….say, like, through the industry’s association database, for instance. They breach that association’s AMS, phish the email addresses for all members and send an email that looks like it’s from the association but actually contains malware that infects all recipients networks, leading back to their secure information.
I’m curious--what are associations doing to protect their systems from cyber attacks like this? Especially with BYOD and employees working remotely--how do the IT staff secure the association’s network and data? Maybe it was just because I never thought about this stuff over the past 10+ years when I was in the association world, but I don’t recall any mention of cybersecurity from the various association software vendors. Is cybersecurity something association IT vendors focus on? If not, they should.