People Can't Pass Off the Responsibility of their Cybersecurity

Content Insider #599 – Open Season
By Miles Weston

"You wage wars, murder, cheat, lie to us and try to make us believe it's for our own good, yet we're the criminals. Yes, I am a criminal. My crime is that of curiosity. I am a hacker, and this is my manifesto." – Agent Bob, "Hackers," United Artists, 1995
Forget the fact that corporate executives and government officials are in an uproar about the reported computer hardware supply chain hack.
You can't do anything about it.
Right now, it's just the storyline for a great sci-fi movie.
Besides, you're more concerned about your stuff that's being spread around the Web.
You already don't trust Facebook with your personal data. You don't trust Twitter with your personal data. You don't trust Instagram with your personal data.
Heck, you don't even trust your bank; your national, regional, local government; your local retailers, your online stores, your healthcare service providers; and probably not even your own company.
Why?
Some organizations simply sell your info to others who want to sell you stuff/ideas.
Others want to use it to do a better job of meeting your needs.
A few just like to have a bigger data pile than the next guy.
And yes, some use your data for "other" purposes.
It's become such a daily occurrence that government officials want to establish a "national standard for privacy rules," which sounds great.
However, a recent Pew Research report noted that for a $3 cup of coffee or a couple of added coupons/discounts, you'll give people all of the information they want.
Thank you very much!
Most organizations will do their darndest to keep their (and your) data from prying eyes; but it's sorta', kinda' a losing battle for them.
In fact, cybercrime reports have become such an everyday occurrence that we don't even notice them … until they hit home.
Some of the cybercrime you don't mind and even think it's a good thing.
You know, it's okay for your government to snoop in and around the other government's systems because you want to know what they're planning to do, and you want your country's activities/secrets safe.
One of the best ways to ensure that is to poke in and around their systems to find out what they're doing.
You know, the best defense is a good offense.
Whether it's an offensive or defensive move, cybercrime is big business.

A Breach a Day – Google, Twitter and Facebook breaches garner a lot of press and legislative attention; but for the ordinary Joe and Jane, it's just another part of the world we live in today.
And it's getting bigger!

Big Profits – Data breaches and hacks are becoming a very big, very profitable business with minimal overhead; and the chances of being caught/tried are very low.
The biggest problem is that the Internet (and later the Web) was designed and built to be open and fast to improve communications. That way, innovations could come faster, and things could be designed, built and introduced more quickly.
Back when Vint Cerf, Push Mohta and others rolled out the fledgling scientist/engineer communications service, it was all about techies sharing information.
Then, folks like Google, Alibaba, Facebook, Tencent, Amazon, Yahoo and hordes of others discovered it was a great way to encourage people to share their innermost thoughts and ideas in addition to buying stuff.
Then, others found they could keep you hooked by freeing you from your computer connection to use a tablet, smartphone, TV set, watch, game systems, refrigerators, cars, bathtubs, toilets, toys – heck, everything to stay in touch.
To do it, they built new software code and apps on top of old software code that was designed to do a job or thing … not to do something extraneous like security.
Governments still use these aging systems – IBM mainframes, Apple IIs, IBM PC XTs and clones like the ES EVM (ЕС ЭВМ), ES PEVM (ЕС ПЭВМ), M series, Minsk (Минск), Poisk (Поиск), Setun and others around the globe.

Good Ol' Boy – People in industrialized countries laugh at the thought of aged IBM, PC XT and Apple II systems being used; but they still hum in many of their country's government agencies and in small businesses in developing countries. They're so old that no hacker wants to admit even trying to pick on them.
The good news for these agencies is that those systems and their software are so old no one can figure out how to write code that old to hack 'em!
Today, every organization has some level of hacking capability β good hackers (white hats) and bad hackers (black hats).
It has gotten to the point where Brian Krebs (best known for Krebs on Security and his coverage of cybercrime and cybercriminals) and his security counterparts have a tough time keeping up.
All too often, they are tested by these hackers and whackers as well as cybercriminals; and they get to climb out from under the rubble and give us an eyewitness report.

Pick Your Target – Ordinary folks think cybercrooks focus on big banks, utilities and government agencies. They're right, but everyday users are much easier to pick on … especially with polished phishing techniques.
Cybersecurity experts universally agree that there are only three types of companies:
- those that have been hacked
- those who don't know they've been hacked
- those that will be hacked … shortly
There are a lot of user-proven techniques to get into an organization's systems/networks.

Starting Points – If you look across the list of tactics cybercriminals use, you see that the most common denominator is someone at his/her keyboard who is either careless or finds it easier to work around security processes/procedures, giving hackers an open door to the enterprise.
It's pretty easy for a hacker to get into a firm's system and grab the data they want. All it takes is a careless, greedy, dumb or sloppy user action.
You know:
- Helping a rich, dying old lady in England or Argentina spread her late husband's wealth to the poor (with a decent fee for your services)
- An email from HR to fill out and return the attached form
- A bunch of photos from last weekend's party your friend thought you'd like to see
- A notice from your bank on unusual activity in your account they need verified (click here)
- Secure passwords like 1234,6 or ABCDEF or the word "password"
Some are really creative.

Almost Real – FedEx, UPS, bank, Amazon, credit card company and system alerts are relatively easy for cybercriminals to copy and send to purloined email addresses; and if only one out of 10,000 responds, the return on investment is pretty good for the thieves. Works better than a military officer trying to smuggle out boxes of gold.
And when companies and governments get hacked, you get hacked!
Oh sure, you could avoid the possibility of being hacked by getting off the iNet and getting back to the basic things that really count.

Abandon the Internet – The best way to avoid hacks, whacks and online thieves is to leave the Internet behind and take up the simple life away from civilization. If that's out-of-the-question, then practicing safe computing may be a viable alternative.
Okay, maybe that's a little drastic for you and your significant other.
But if your personal data has been put up for sale, there may be times you'll seriously consider it … seriously.

You're for Sale – You don't have to be a real techie to get a bunch of personal data from people because others will do the heavy lifting for you and give you an inventory list of what's available and prices. Cough up your Bitcoins and the data will be delivered. Yes, there is honor among thieves.
But if you decide packing up the old VW bus and heading for the back woods isn't for you or just want to ensure you're a little bit safe, you should:
- Check to see if you've been hit, using a couple of different malware/security testing packages.
- Check haveibeenpwned.com to see if you dodged the bullet. It's not a 100 percent guarantee, but it's pretty good.
- See if you've been impacted and what info is at risk.
- Change questionable or shaky passwords.
- Don't use a password for more than one location.
- Get a password manager – and use it (less than 12 percent of people do).
- For your sensitive info (credit cards, social security numbers, etc.) see if the hacked company offers one year of free monitoring service … and use it.
- Contact all of the credit monitoring services and consider a security freeze.
- Check to see if you've been pwned, and check credit services, at least twice a year – threats can appear years from now.
- Change passwords at least every six months and keep your software password manager current.
- Consider hardware security options as well.

Secure Access – Ocular scanning and fingerprint authentication are showing up on many devices to keep them secure since people seem reluctant to use robust password protection. Of course, for online locations, people still have to use passwords; or better yet, two-factor authentication.
Why do all that work?
Well, according to a recent cybersecurity report, you cause 58 percent of all of your company's breaches.
Don't let cybersecurity people kid you, there's no such thing as foolproof cybersecurity or privacy.
Trust us, there's no shortage of fools who will consistently prove them wrong.
In addition, hackers who want to access a company's business/customer data always seem to be one or two steps ahead of cybersecurity solutions.
That will be true even when we have AI-based cybersecurity solutions because:
- Really smart systems can't figure out how to do stupid stuff
- It takes a lot of creativity to do bad things to other people

As The Plague noted, "Let me explain the New World Order. Governments and corporations need people like you and me. We are Samurai… the Keyboard Cowboys… and all those other people who have no idea what's going on are the cattle … Moooo."
Better hardware won't help … better software won't help.
Guess it's up to us.