Whether data breach or insider leak, Panama Papers Cyber Security lessons still the same.
By now, you’ve heard about the leaked papers from a Panamanian law firm implicating world leaders, sports figures and celebrities alike in a scheme to shelter massive wealth in off-shore corporations (if not, see the NYTimes summary below for relevant links). At this point it is still unclear whether the 11.5 million records were obtained through hacking or leaked from someone inside of the Panamanian law firm.
But from a cyber security perspective, the lessons are nearly identical either way. At issue here is the massive centralization of data that makes either breach or leakage not only inevitable, but rather convenient. World leaders and executives alike must have a sense of deja vu from the leakage of the NSA documents by Edward Snowden several years ago. From a security perspective, it is baffling in both cases that one individual would have access to such a trove of data. This suggests that the records were not properly segmented, encrypted or subjected to user-level access permissions.
Ransomware: A Vital Course on the Next Big Cyber Threat
Ransomware is pretty much exactly what it sounds like: it holds your computer or mobile phone hostage and blackmails you into paying a ransom. It is a type of malware that prevents or limits users from accessing their system and forces its victims to pay the ransom through certain online payment methods in order to grant access to their systems or to get their data back.
It’s been around since about 2005, but earlier this year, the FBI issued an alert warning that all types of ransomware are on the rise. Individuals, businesses, government agencies, academic institutions, and even law enforcement agents have all been victims.
Apple vs FBI: Building a backdoor into the iPhone is like burning the haystack…
I’ve been asked almost 100 times since Apple rejected the FBI’s request to break into the iPhone of the San Bernadino killers on which side I support. I am a firm believer that the most complex problems (this is one of them) deserve the simplest explanations. Here is the simplest way that I can walk you through the argument:
- If your immediate response, like many, is to side with Apple – “Don’t hack into your own operating system, it set’s a bad precedent” – then you have a good strong natural reflex when it comes to privacy. But don’t stop your thinking after your first reaction or thought, as it might be incomplete, because…
Common Phishing Scenarios:
“Your account has been suspended” or “We suspect fraudulent activity on your account” or “You’ve won a contest” or “We owe you a refund”
If you’ve ever received an email, voicemail or text with a message like one of the above, you know how visceral your reaction can be. And chances are very high that the message is a fake.
Just as fishing is one of the oldest occupations around, phishing is one of the oldest scams around. Ever since email was invented, thieves have been phishing to get your information by cleverly impersonating a business or an acquaintance. They hope to trick you into giving out your personal information or opening a link or an attachment that downloads malware onto your computer so that they can gain access all of your data.
If I could give the world a gift this holiday season, it would be to make the world a safer place to trust. You deserve to know whether or not you can trust the politicians you elect, the advice you receive from your doctor and whether or not you can entrust your privacy to the websites and businesses you use every day.
Identity theft, cyber stalking, and “big data” surveillance—these byproducts of the information economy make it hard to rest easy. Every day in the news we hear about another scam, another breach of corporate data that victimizes more than 11 million Americans a year. But you don’t have to be a statistic!
Want more tips on how to protect yourself, your family and your wealth during the holiday season? Take a few minutes to read 12 Days to a Safe Christmas.
Influential Cyber Data Breach 2015
January Data Breach
Premera BlueCross BlueShield
Health insurance company Premera BlueCross BlueShield said in March that it had discovered a breach in January that affected as many as 11.2 million subscribers, as well as some individuals who do business with the company. The breach compromised subscriber data, which includes names, birth dates, Social Security numbers, bank account information, addresses and other information.
February Cyber Breach
In February, a billion-dollar bank cyberheist was discovered, affecting as many as 100 banks around the world. The breaches, discovered by Kaspersky Lab, infiltrated the banks’ networks using tactics such as phishing and gaining access to key resources, including employee account credentials and privileges. The cybercriminal ring, known as Carbanak, then used those credentials to make fraudulent transfers and make hijacked ATM machines appear legitimate as they funneled more than $1 billion into their own pockets.
Anthem revealed a breach in February that exposed 80 million patient and employee records. Anthem said the breach occurred over several weeks, beginning in December 2014, and could have exposed names, date of birth, Social Security numbers, health-care ID numbers, home addresses, email addresses, employment information, income data and more. It said it did not believe banking information was taken. The Wall Street Journal reported that Anthem had not encrypted the data that was accessed by hackers.
Come on, admit it. Don’t you feel just a little satisfaction watching 37 million adulterers exposed in the Ashley Madison hack? “They do kind of deserve to be cheated just a bit for being cheaters,” someone in one of my keynote speeches commented.
Product Review: Are identity theft monitoring services worth it?
Yes, identity theft services can be well worth the investment, especially if you ever become a victim. Imagine that your Social Security number is part of a national breach like Anthem or the Office of Personnel Management. Or it’s stolen out of your tax preparer’s office, scavenged from your trash or skimmed from your iPad as you surf on a free Wi-Fi connection. In most cases, you have no idea that your digital identity has fallen into unethical hands, usually those of organized crime, who replicate and resell it in seconds.
I’ve had dozens of media requests for interviews and countless more email inquiries from people concerned about the Target data breach. At first, everyone just wanted to know details of how it happened, how big the breach was, and what they should do about it if their credit cards were at risk. Now that the initial shock of it is over, we are on to a bigger question:
How do we keep breach from negatively affecting so many Americans?
Breach will always happen. If it’s digital, it’s hackable. It’s coming to light that the Target breach may have been due to the computer access an HVAC WORKER (no, not an entire company, an individual WORKER) had to Target’s systems. While there is no guaranteed way of preventing fraud, there is a pretty reliable answer out there, and it’s been around for decades. That answer is for the US to finally catch up to more than 80 countries around the world and start using chip and PIN enabled credit cards, also known as EMV, smart cards, or microchip cards.