Are you as cybersecurity savvy as you believe?

Nigel Bowen

Think that you’re undeceivable after completing that mandatory cybersecurity training module? It’s estimated businesses across the globe will have collectively lost a lazy US$6 trillion to cyber villains by the time 2021 draws to a close. And much of that money was purloined from financial institutions staffed by educated, intelligent and conscientious individuals. So, you might want to take this quiz and find out if you’re as shrewd as you’d like to believe.

When asked why he robbed banks, career criminal Willie Sutton is reported to have replied:

a) “Because that’s where the money is”

b) “Because miscreants through the ages have prided themselves on identifying then exploiting vulnerabilities in security systems”

c) “Who is the greater malefactor – me or those urging ever-greater quantitative easing?”

A zero-trust network is one where:

a) Only authenticated and authorised users (and their devices) can access data, regardless of whether they’re in the office or working remotely

b) Middle managers are expected to keep an eye on how contractors, new hires and interns are using their work devices

c) You pretend to like and respect your colleagues while feverishly plotting their downfall

In a well-run business, who takes responsibility for cybersecurity?

a) Everybody

b) The IT guy

c) Nobody

You receive an email from your firm’s bank saying they have detected suspicious log-in attempts and that you need to click on a link to go to a site to verify information such as emails and passwords. You:

a) Alert your IT department, then contact the bank

b) Consult with a colleague, then proceed to supply the requested information after they reassure you the email “looks legit”

c) Supply the requested information along with your personal bank account details and passwords so the bank can check them as well

You receive an email from someone at the pointy end of the org chart instructing you to transfer a large sum of money to an unfamiliar bank account. You:

a) Ring the high-flyer in question to double-check they were the one who sent the email and that they do indeed want the money transferred

b) Conclude that a malicious actor can’t possibly have hijacked an email account and opt not to waste your boss’s valuable time by seeking confirmation

c) Quickly complete the transfer so you can get back to your email correspondence with that lovely Nigerian prince desperate to transfer money out of his country

You get an official-looking email from a government department relating to COVID-19. You:

a) Immediately delete it before Googling the government department in question to check whether there has been a pandemic-related development of note

b) Cautiously open the email without clicking on any links or downloading any attachments

c) Safeguard the health of your co-workers by clicking every link and downloading every attachment to extract the maximum useful information

Which of the following are phishing attacks that businesses currently need to be worried about?

a) Spear phishing

b) Smishing and vishing

c) G-stringing and swinging

The most elegant way to outwit ransomware extortionists is to:

a) Be meticulous about regularly backing up important business data then storing it somewhere ‘offline’, ideally in the cloud

b) Implement a blanket ban on downloading email attachments

c) Have an ugly website, so everybody will assume you’re running an undercapitalised business

The first thing a recently launched business operating on a shoestring cybersecurity budget should do is:

a) Have a penetration tester conduct a threat audit then provide advice about eliminating system vulnerabilities

b) Invest in some top-quality anti-malware software

c) Forbid staff using ‘123456’, ‘QWERTY’ or ‘password’ as their password

A business wanting to protect itself against disgruntled or vauntingly ambitious ‘turncloak’ employees seeking to steal sensitive data should:

a) Institute strict access controls to ensure no staff member can download any more data than they require to do their job

b) Disable the USB ports on all the desktops and laptops used by staff

c) Force all employees to submit to a monthly lie-detector test

Which of the following businesses is likely to be the most cyber resilient?

a) One that uses multifactor authentication, encrypts data wherever possible, and always patches its software ASAP

b) One that invests heavily in anti-malware software

c) One that bans staff from writing their password on a Post-it Note then sticking it to their computer


Mostly A’s – You’re the Stephen Hawking of cyber safety! Ivan is going to have to get up very early in the morning to breach your firewall.

Mostly B’s – You’re digitally savvy, but you’ll need to lift your game to avoid getting Snowdened at some point.

Mostly C’s – You’re a walking, talking Dunning-Kruger effect case study who should consider a career transition into blacksmithing.