Posts tagged "Cyber Security"
How to Protect Yourself from the Equifax Data Breach
Equifax, one of the three major consumer credit reporting agencies, disclosed that hackers compromised Social Security and driver’s license numbers, as well as names, birthdates, addresses and some credit card numbers, of more than 143 million Americans. If you have a credit profile, you were probably affected.
Credit reporting companies collect and sell vast troves of consumer data, from your buying habits to your creditworthiness, making this quite possibly the most destructive data security breach in history. By hacking Equifax, the criminals were able to get all of your personally identifying information in a one-stop shop. This is the third major cybersecurity breach at Equifax since 2015, demonstrating that they continue to place profits over consumer protection. Ultimately, their negligence will erode their margins, their credibility and their position as one of the big three.
Honestly, we don’t know yet. There was a time when our voting preferences, our political leanings, our policy choices were our own business. Now they are someone else’s business, quite literally. There are so many stories coming out about Donald Trump’s connections to and collusion with the Russians that it is getting hard to keep these accusations straight. Here’s the latest:
Trump Russia Investigation Update
The key word is help. As in, actively provide information that the Russians may not have been able to discover on their own. “Help” is not a synonym for encourage, appreciate or enjoy.
Without getting too political (because after all, this is a cyber security blog), here are the basics of the Trump-Russia Investigation from a cyber security perspective:
- The Trump campaign had possession of a huge amount of information about American voters from Cambridge Analytica, the data mining firm hired to help collect and use social media information to identify and persuade voters to vote (or not vote), through an activity known as political micro-targeting.
Our national security depends on cyber security, and Russian hacking threatens those defenses. Every day that I come to work, I see an erosion of traditional power structures at the hands of increasing cyber threats. The hacking of Yahoo and of the DNC by Russian operatives are two such examples that have potentially shifted the balance of power from our marketplace and political sphere into the hands of Vladimir Putin, Russian cyber criminals and anyone piggybacking on their technology. Now that Roger Stone, an administration advisor, has admitted to contact with the DNC hacker (Guccifer 2.0), the ties are too direct to ignore. But we shouldn’t be doing this for purely political reasons; we should be doing it to clear our President and his administration of wrongdoing so that they can go on about governing the country and implementing their vision.
Whether data breach or insider leak, Panama Papers Cyber Security lessons still the same.
By now, you’ve heard about the leaked papers from a Panamanian law firm implicating world leaders, sports figures and celebrities alike in a scheme to shelter massive wealth in off-shore corporations (if not, see the NYTimes summary below for relevant links). At this point it is still unclear whether the 11.5 million records were obtained through hacking or leaked by someone inside the Panamanian law firm.
But from a cyber security perspective, the lessons are nearly identical either way. At issue here is the massive centralization of data that makes either breach or leakage not only inevitable, but rather convenient. World leaders and executives alike must have a sense of déjà vu from the leakage of the NSA documents by Edward Snowden several years ago. From a security perspective, it is baffling in both cases that one individual would have access to such a trove of data. This suggests that the records were not properly segmented, encrypted or subjected to user-level access permissions.
Ransomware: A Vital Course on the Next Big Cyber Threat
Ransomware is pretty much exactly what it sounds like: it holds your computer or mobile phone hostage and blackmails you into paying a ransom. It is a type of malware that prevents or limits users from accessing their system and forces its victims to pay the ransom through certain online payment methods in order to grant access to their systems or to get their data back.
It’s been around since about 2005, but earlier this year, the FBI issued an alert warning that all types of ransomware are on the rise. Individuals, businesses, government agencies, academic institutions, and even law enforcement agents have all been victims.
Apple vs FBI: Building a backdoor into the iPhone is like burning the haystack…
I’ve been asked almost 100 times since Apple rejected the FBI’s request to break into the iPhone of the San Bernardino killers on which side I support. I am a firm believer that the most complex problems (this is one of them) deserve the simplest explanations. Here is the simplest way that I can walk you through the argument:
- If your immediate response, like many, is to side with Apple – “Don’t hack into your own operating system, it sets a bad precedent” – then you have a good, strong natural reflex when it comes to privacy. But don’t stop your thinking after your first reaction or thought, as it might be incomplete, because…
When the finance chief of a London hedge fund got an urgent phone call about possible fraud on a Friday afternoon just as he was preparing to leave work, he honestly thought he was doing the right thing by giving the caller the information requested. Wouldn’t any decent CFO want to stop fraud if it was in his power to do so? That way, he could rest easy for the weekend, knowing he had saved the company from damage. Imagine the feeling in the pit of his stomach when he turned on his computer Monday morning to find that 742,668 pounds ($1.2 million) was missing!
That’s what happened to Thomas Meston of Fortelus Capital Management LLP in December of 2013. He received a phone call from someone claiming to be from Coutts, the London-based hedge fund’s bank, and the caller warned him there may have been fraudulent activity on the account. Meston was reluctant, but agreed to use the bank’s smart card security system to generate codes for the caller to cancel 15 suspicious payments.
Despite deluge of stolen PII, data breach experts see little change in corporate security behavior
The results of a Ponemon Institute survey commissioned by defense contractor Raytheon suggest that the massive attention generated by recent data breaches has failed “to move the needle” in changing behaviors and attitudes toward information security at many companies.
One of my most trusted sources of information about data breaches is Larry Ponemon of the Ponemon Institute. Larry’s data is unbiased, no-nonsense and reliable, even though his work is occasionally commissioned by interested parties (like Raytheon). Supported by studies from other data breach experts, we are all screaming at your organization to WAKE THE HELL UP! I rarely use statistics (and only occasional but fully-justified swearing) in my keynote presentations (because I don’t fancy sleeping audiences — or lawsuits), but today I’m going to BOMBARD you with them. Use whichever stat you think will best shock your “head-in-the-scorching-sand” executive out of the destructive malaise that might lead you into an Anthem-like, Sony-style, Target-worthy data breach: