RALEIGH, N.C. — Inside an old bank vault in downtown Raleigh lies a kind of war room where attacks are monitored and cyber bullets dodged.
"We put up the gates and the locks on the doors for our customers to try and keep threat actors out," said Steve Cobb, chief information security officer at One Source. "We have to continually monitor those gates and those locks because the attackers are finding new ways to get through the gates and pick the locks."
Cobb and his team are on the front lines, their eyes glued to an array of computer screens as they track malicious domain names and IP addresses.
"Basically, [IP addresses] are addresses where the attackers are coming from or they're sending data to. And if we're able to triangulate around these IP addresses, then we can stop or maybe interrupt some type of activity," he said.
Cobb says there are trillions of cyberattacks daily targeting individuals, mid-level businesses and major corporations.
"One threat actor that we know about... does about 25 million phishing emails per hour. That's per hour, and that's just one of them," Cobb said.
Usernames and passwords are often the first line of defense and many people reuse them.
"The problem with choosing a password like [12345 or password] is that it's known. So, if they find who you are, know from your Netflix account what your password is, it's pretty easy for them to find who you're banking with. They can just try the top banks in your area, start using that password. Next thing you know, they're in your bank account," Cobb said.
Cyber battles don't stop on weekends, evenings, or holidays — he says that's usually when they strike.
"The attackers know that for most companies, they don't have 24/7 coverage. And nobody's watching house," he said.
As cyberattacks show no signs of slowing down, Cobb and his team say it's time to be alert and proactive, and to always be suspicious.
"You get an email from somebody that you normally don't talk to, or it comes in at 3 o'clock in the morning when you know they normally don't send an email, taking that extra step can save a lot of pain," Cobb said.
Here's some tips Cobb says can improve your cybersecurity:
- Set up multifactor authentication on as many applications and systems as possible
- Have good password hygiene, and make sure you don't use common passwords like 1-2-3-4-5 or password
- Don't reuse passwords
- Instead of using passwords, use pass-phrases; Cobb says pass-phrases are more secure and easier to remember