Date: 2017-02-02

It’s time to start thinking of cyber attacks as we do the common cold — the question is “when” it will happen, not “if,” according to cybersecurity expert Justin Fong.

It’s why individuals need to take a preemptive approach in protecting their information and why companies need to be vigilant and have the right response team.

“The human body is actually the best analogy I can think of for cybersecurity,” Fong said, speaking Wednesday at the Thompson Rivers University Privacy and Security Conference.

“You are going to get a cold. Sometimes you are going to get a flu,” he said. “How long you leave it depends on how resilient you are and being able to identify it and see a doctor.

“You need to make sure you have the doctor readily available. If he has no idea of your history or he’s not ready for you, he may not be a good fit. Those things are key to risk management.”

Fong is a cyber-risk partner with Deloitte, advising major oil and gas companies and global financial institutions on cybersecurity.

Defending assets from online attackers can sometimes be like fighting spaceships with spears, Fong said.

Hackers work together and share intelligence. Their advanced attacks can be hard to detect.

Advancements in technology — augmented reality, autonomous cars, drones — create new opportunities for malicious programmers.

Studies show it takes about 200 days to detect an attack, Fong said. Sometimes it can take years. Companies like his are paid to break into networks to expose flaws. He said large organizations need to invest in their cybersecurity.

“It’s always pretty easy to get in. Hackers are pretty ingenious in how they do things,” Fong said.

“We’ve seen the best companies with all the best technology, all the best password protection, all the best controls, but sometimes it’s the easy stuff we forget about. We’ve been able to simulate that for organizations to help them understand, ‘Where are my risks?’”

Fong noted three main groups: casual attackers who are looking to disclose information, such as the president’s tax returns; advanced persistent threats, practised by state-sponsored hackers who aim to gain access to a network and stay there undetected; and organized crime, the bank robbers of the Internet who steal information for profit.

Stolen information is sold by the bulk-load on the dark web, Fong said, where users remain untraceable.

Personal records are worth about $1 and credit-card information is monetized by brand: $4 for MasterCard, $6 for Visa, $10 for American Express and $15 for American Express Centurion.

Strong passwords, good anti-virus software and regular malware scans are some of the easiest ways to protect digital information on an individual basis.

Back everything up and use encryption for sensitive information, Fong said.

It’s also wise to monitor personal accounts and activity to watch for anomalies. Don’t recycle or reuse passwords and never reference personal interests or information.

“Do not use passwords on things you like or are interested in like your girlfriend or pets because I’m going to guess it,” Fong said.