Story highlights

Gerhard Eschelbeck: The cyber threats to our most personal data, our businesses, our infrastructure and our democracy are real

High-quality cybersecurity must become a prioritized pillar of society if we are to protect ourselves, writes Eschelbeck

Editor’s Note: Gerhard Eschelbeck is the vice president of privacy and security at Google. He published the “Laws of Vulnerabilities,” is one of the inventors of the Common Vulnerability Scoring System (CVSS), and holds numerous patents in the field of managed network security. The opinions expressed in this commentary are his.

(CNN) — In November 2014, the Guardians of Peace – a group affiliated with the North Korean government – hacked Sony Pictures because the studio was planning to release “The Interview,” a movie they felt insulted their leader, Kim Jong Un.

After the initial breach, the hackers threatened theaters that were planning to show the film. The premiere in New York was canceled, and theaters around the country decided not to show the movie.

Still wanting the film to reach audiences, Sony Pictures asked if we could release the movie on Google Play and YouTube. Obviously, there were very serious security risks that we needed to consider. We could be attacked by the same type of targeted malware that infected Sony, or face a distributed denial-of-service (DDoS) attack that could attempt to make Google unreachable, or receive any number of other online threats.

We decided to help because we were confident that we could protect people watching the movie and withstand any retaliation, so on December 24, 2014 we released the movie while a full room of Google security experts monitored for suspicious traffic and other signs of attempted disruption. Thankfully, it went off without a hitch.

That was my first month at Google. In many ways, it was a brand new experience, but it confirmed something security folks have long known to be true: a strong foundation of security is the building block for all businesses – online and offline.

So much has changed since 2014. We’re on the cusp of a new computing era with the emergence of artificial intelligence and machine learning that will help build incredible products for users and power businesses worldwide. Security has come a long way – our automated systems can pick a spear-phishing email out of an internet-sized haystack – and yet, as a society, we’re putting everything in jeopardy by not making a commitment to security.

You don’t need to be an expert to see this. We are all reading the same headlines: hospitals, credit agencies, law firms, media companies, and a slew of other organizations have suffered serious breaches in the last few years. Nuclear power plants have been targeted, along with political institutions and officials – from the UK and South Korean governments to the French and US election campaigns.

Government-backed groups may be behind some of the more sophisticated attacks. But increasingly, weapons and resources that were once only available to governments have become available to anyone. Some of the attackers’ tools are even available for free.

This is not a drill: The threats to our most personal data, our businesses, our infrastructure, our democracy, are absolutely real.

So, what can we do about it?

There were two crucial takeaways from the episode with “The Interview” that need to be recognized.

First, sophisticated cyberattacks are a new, everyday reality. That attack wasn’t the first, and it obviously hasn’t been the last. This threat isn’t going anywhere.

Second, from now on, high-quality cybersecurity must be a pillar of modern society. In 2014, it enabled millions of people to watch a movie on Christmas Eve. Now, it’s an essential ingredient to protecting our economy, our democracy and our way of life. This may all feel a little abstract, so let me be very specific about steps we can take, right now, to strengthen online security for everyone.

Everyone needs to learn the fundamentals of online security.

According to recent research (ironically, based on anonymized data collected from security breaches), the most common password last year was “123456.” A Google survey shows the No. 1 thing experts do to secure their data is update their software; that wasn’t even in a top-five answer for non-experts in the same study. When I’m out of the “security bubble” and talk to people about important security measures like two-step verification and security keys, I get blank stares.

We aren’t even close to where we need to be.

Programs like The National Cybersecurity Alliance’s “Lock Down Your Login” and Google’s “Be Internet Awesome” are a great start, but we need to continue these types of conversations in school curricula, and at home with our families as well.

Every organization needs to treat cybersecurity as a constant, critical priority.

According to a prediction by the International Data Corporation, 70% of major multinational corporations based in the United States and Europe will face significant cybersecurity attacks by 2019.

Small organizations should be consulting with security experts on a regular basis; larger organizations should have a chief security officer who can drive a sound security strategy, and the supporting processes and procedures to eliminate vulnerability. At Google, we require all our employees to use Gmail, coupled with a Security Key – the strongest version of 2-step verification – to thwart would-be phishing attacks.

For most organizations, the best solution is to use a commercial cloud service provider. Among other benefits, their scale offers visibility across a huge swath of potential threats. And if your employer is not prioritizing security with this urgency, sound the alarm.

Every citizen deserves to have government representatives who prioritize online security education and defend national infrastructure from cyberattacks.

This shouldn’t be a partisan issue; in the US, both the current and previous administrations increased funding to support the nation’s cyberdefenses. And many local governments are taking long-overdue action to secure voting machines ahead of the mid-term elections.

Citizens should demand that their representatives fight for funding of critical cybersecurity organizations like The United States Computer Emergency Readiness Team (US-CERT) that enable everyone to stay safer online. US-CERT helped coordinate this week’s disclosure of the KRACK vulnerability, an industry-wide issue. And representatives should support ongoing education campaigns, such as National Cybersecurity Awareness Month.

To tackle these ever-present threats, companies, users, advocacy groups, and governments all need to do their parts. Let’s rise to the challenge.