When security meets sarcasm: Taylor Swift brings infosec to the masses
Talk to almost anyone in cybersecurity circles, and they'll know of Taylor Swift for an entirely different reason.
(Image: Giphy)
Infosec Taylor Swift -- who goes by @SwiftOnSecurity on Twitter -- inspires thousands of people each day talking about security. The account's real name (and gender) isn't known, but, "she" -- for the sake of argument -- makes an important contribution to cybersecurity despite her cloaked identity.
SecuriTay (her current moniker) is just one of an emerging trend of parody accounts, whichstirred put an industrial twist on a familiar face.
Her tweets bleed between her real-life day job of corporate IT and relatable pop culture, with an occasional mix of voice assistant fan-fiction.
And that's brought more than a hundred-thousand people to follow her tweets since her debut almost two years ago. Her unique brand of sarcasm echoes the quintessential archetype of her IT folk following, making her instantly likable and shareable.
Where other parody accounts have lost their novelty over time, Swift's security alter-ego is revered by many in security circles, and seen as a force for good.
Why? Because she knows what she's talking about.
Tricking a user into clicking a malicious link in an email is an old favorite with hackers and attackers. Just because spam has dropped in volume over the years to its lowest point in a decade doesn't mean the threat has gone away. Nowadays instead of tricking you into visiting a phishing website, clicking a malicious link could lock you out of your own computer or network for ransom, an arguably worse fate.
Sometimes the best hacks are the simplest hacks. The massive Sony hack that crippled the entertainment company's network was likely infiltrated through poor router security, said Hector "Sabu" Monsegur, in an interview with sister-site CNET. But as more tech becomes connected, every company has to start thinking with security first, and that means corporate executives sending the message downstream.
Nation state attackers, government hackers, botnets and more. They all sound concerning, but security starts with the basics. Anyone with a simple grasp of coding and a bitcoin or two can buy over-the-internet exploit kits that can target any user who visits a website. The NSA is probably the least of your troubles.
Patch, patch, and patch some more: every time they land, install them immediately. They are said to be the most effective way at preventing previously undiscovered ("zero-day") flaws from being exploited.
The government has a lot of data on you, but it's not even close to what companies like Facebook and Google have, not least your personal data, messages, what you like, and even what you search for. China remains a "frenemy" of the US, and is known to target US businesses and government departments.
They say the weakest link in the security chain is the user themselves. Users set bad or weak passwords, letting in hackers at a drop of a hat. Tricking helpdesk staff into handing over passwords through so-called social engineering techniques is becoming more possible, which can lead to account hijacks and network compromise. That's how one hacker took over the CIA director's private email account, says one report.
As for the sarcasm... case in point.