EXECUTIVE SUMMARY:

The year 1988 and #NationalComputerSecurityDay

In the same year that NASA’s space shuttle program resumed, Beetlejuice and Rainman became blockbusters on the silver screen, and the Redskins defeated the Denver Broncos in the Super Bowl, the first ever computer worm spread across the internet.

Within 24 hours of release, roughly 6,000 of 60,000 connected computers experienced malfunctions.

“We are currently under attack,” wrote a UC Berkeley student in an email that evening. Prestigious academic institutions across the country, including Harvard, Princeton and Stanford, were infected with the worm.

How did the attack spread so quickly?

Computer worms, unlike computer viruses, do not require software in order to sleuth into machines. This means that they can spread with stealth and speed.

Although the worm only invaded computers that relied on a particular version of Unix OS, the attack propagated widely due to its ability to leverage multiple attack vectors. The program could exploit both backdoors in the fledgling email system of the time, and it could also exploit at least one bug in the program that tracked network participants.

The total impact? 

Important military and university initiatives slowed down significantly. Email message transmission took longer than the rate of traditional stamped and envelope-based mail. In some cases, institutions attempted to circumvent the cyber issue by wiping their systems. Others unplugged from the network for a prolonged period of time. The US FBI reports that the attack’s financial consequences cannot be fully assessed, but estimates suggest that the attacks may have cost anywhere from $100,000 into the millions.

As it turns out, a Harvard graduate with extensive computer expertise had launched the attack. The consequences were unintended.

Nonetheless, the event brought cyber security awareness to the forefront of researchers’ attention. Cyber security began to receive serious consideration. In an effort to wake people up to the new reality of cyber threats, National Computer Security Day emerged.

National Computer Security Day 2020:

National Computer Security Day occurs on November 30th each year. Unless you and your colleagues do not rely on internet-based technology at all whatsoever, national cyber security day deserves your attention.

And given the broad transition to remote work, and a recent spate of headline-grabbing data breaches, this year’s National Computer Security Day might just be more relevant than ever before.

National Computer Security Day serves as a good reminder to review organizational policies around cyber security and to engage with employees on the topic of device security.

Ensure that your colleagues know how to keep your enterprise secure while surfing the internet, and that they are familiar with how to report a potential cyber threat. Engage employees in conversations about the connected world, and the implications for organizations, employees and families. Highlight means of staying secure and run friendly and fun exercises to imprint concepts.

Remember: Cyber security starts at the top. If you communicate that it’s a priority, everyone else will fall in line behind you.

On National Computer Security Day, you might also want to revisit your personal level of cyber security. Have you backed up your files? Are your passwords unique and strong? How’s the security on your mobile device?

For more information on cyber security best practices and creative ways to observe National Computer Security Day, check out the Cyber Talk Glossary.