Know Your Cyber Vulnerabilities

Ed Wenck | Jan 30, 2020

Longtime CEDIA volunteer Mike Maniscalco has been hard at work – this time crafting a pair of parallel classes for the traveling Tech Summit events. The courses, Cybersecurity for Business Managers and Cybersecurity for Technicians, are primarily about identifying and prioritizing the most pressing threats to your clients and your business.

But why two?

“The first is designed to alert managers to the threats that are out there,” says Maniscalco, “so that when a tech reports an issue from a jobsite, the boss will have some foreknowledge of that threat. The latter course is to help the tech in the field get that info back to everyone at their company.”

Nearly everyone in residential tech understands the challenges here, but to really drive home the point, Maniscalco’s assembled some stats:

  • One in three U.S. home computers are currently infected with malware,
  • 65% of Americans who’ve been online have received a scam offer,
  • 47% of American adults have had personal info exposed by cyber criminals, and
  • 600,000 accounts worldwide are hacked every day.

As Mansicalco’s quick to point out, it’s easy to go down the various rabbit holes attendant to these stats: How did we get here? What kind of crazy dystopian world are we creating? But instead of philosophizing about privacy concerns or the future of the hackable universe, Mansiclco’s classes are about identifying problems that exist right now, today, and figuring out a strategy to get ahead of potential issues. In the classes, attendees are asked to rank potential threats on an x/y axis: x expresses risk, low to high, and y expresses likelihood. (By risk, Maniscalco is speaking about the potential mayhem that the breach might cause.)

To plot the threats properly on the matrix, attendees first listed as many issues as they could think of. Working in groups, they noted everything from default passwords being repeated over and over again in various systems to under-educated employees opening malicious email attachments. Having ticked off the entire range of dangers, the students picked the three worst and then began to prioritize them along the axes. (Spoiler alert: The motive behind most of the threats is that old standby, theft.)

And what surprised Maniscalco about these new courses? “I’m amazed that everyone knows how important this is, and that most firms can identify what their major vulnerabilities – and liabilities – might be when they’re installing these systems. But this is about identifying the common threats you can tackle in the most cost-effective way possible. I get it – people are busy, but you’ve got to budget some time to address this stuff.”

“As the saying goes, there are two types of people,” he jokes. “Those who’ve been hacked – and those who don’t KNOW they’ve been hacked.”