“Cyberattacks are a growing threat facing businesses, major cities, and political campaigns. Cyber risk ranked as the top business concern for 2020, according to a recent survey of more than 2,700 global business leaders and security experts.
The attacks are always costly, sometimes embarrassing, and for critical urban infrastructure, they can be life threatening. But cybersecurity isn’t necessarily a high-tech or complicated computer science matter, according to MIT professor Lawrence Susskind, co-director of the MIT Cybersecurity Research Project in the Science Impact Collaborative. Attackers use “social engineering” — non-technical methods to manipulate people into clicking on infected links or websites or giving up confidential information.
To keep them out, Susskind teaches “defensive social engineering,” or creating an organizational structure and culture around best security practices and training employees to follow them. It can be as simple as teaching people not to open emails from unknown and unverified sources. The defensive part is key, he said — organizations should not wait until an attack happens to take action.”0