Busy shopping or busy defending against cyber threats?

Did you know that today is National Computer Security Day?

This awareness day has an interesting origin story, starting with one of the first computer worms, which spread across ARPANET, the predecessor to our internet, back in 1988.


The worm, supposed to be a harmless computing exercise highlighting the weaknesses present in the network, actually caused significant damage. The U.S. Government Accountability Office put the cost of the damage at $100,000–$10,000,000 with removal of the worm often taking two days!


The worm worked by exploiting weak passwords and the fact that several of the systems were running the same programmes with the same weaknesses. Guarding against both is still among the fundamental controls within cyber resilience today.


Following the worm’s discovery, two computer experts with the U.S. Defence Advanced Research Projects Agency (DARPA) recommended assembling a “National Computer Infection Action Team” (NCAT) to respond 24/7, 365 to these kinds of attacks. On November 14, the Software Engineering Institute (SEI), a research centre connected with Carnegie Mellon University, set up the Computer Emergency Response Team (CERT).


In 1988, National Computer Security Day sprang out of the Washington, D.C., chapter of the Association for Computing Machinery’s (ACM) Special Interest Group on Security, Audit, and Control as a way to raise awareness about cybercrimes and viruses. According to a 2004 “Networld” article, “November 30 was chosen for CSD so that attention on computer security would remain high during the holiday season – when people are typically more focused on the busy shopping season than thwarting security threats.”


So, 30+ years on, what has changed?

The threats have exploded, with numerous worms, viruses, exploits and criminals taking advantage of the digital world most of us live and work in.


However, guidance and support to businesses have increased as well. In the UK in 2016, CERT UK, the Centre for Cyber Assessment (CCA) and the Communications-Electronics Security Group (CESG) were combined to form the National Cyber Security Centre (NCSC), which continues to provide advice and support for the public and private sector on how to avoid computer security threats.


In 2021 the Eastern Cyber Resilience Centre was opened, building on the same ideas that are emphasised on today’s awareness day: to raise awareness within businesses about information security and ways to keep electronic devices and data protected from any potential threat. We provide free membership to businesses in the East of England, with guidance and support as well as affordable student services to help businesses build cyber resilience.


What about the weaknesses the worm highlighted?

These are still relevant today with weak passwords being a cyber criminal’s dream. So, follow these top tips for how to avoid weak passwords.


· Do not re-use passwords – each account should have a unique password so that if it ever gets stolen, only one account is compromised, not all your accounts.

· Use strong passwords – these should not be easily guessable by someone who knows you or your company, and they should not appear on any compromised password list. The NCSC recommends using three random words, strung together with some capitals and special characters included.

· Use a password manager if you can’t remember all of your passwords – watch our 90-second video to find out more: “Password managers - what are they and why would I need one?” (YouTube)

· Change all default passwords – default passwords are commonly found on the internet and therefore are not secure. Change them wherever you find them, including your internet connected devices and routers.

· Enable two-factor authentication everywhere you can, especially on your email and social media accounts – see “What is two-factor authentication?” (YouTube)

· Join the ECRC for free and keep informed about the latest threats and guidance
