BreachExchange mailing list archives
Cavalier attitude to privacy aids cyber-bandits
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 29 Jul 2015 19:04:02 -0600
http://www.vancouversun.com/opinion/columnists/Wells+Cavalier+attitude+privacy+aids+cyber+bandits/11251103/story.html

Imagine coming home to find a stranger’s hands have rifled your financial records, rummaged through your medicine cabinet, removed family photos and ransacked your underwear drawer. You feel violated and enraged.

At first, the police are sympathetic, but soon, their attitude changes. You went out to shop for a few hours. The house was left wide open, all the doors and windows ajar. You didn’t bother with a security system and you don’t have a dog. Also, there has been a rash of burglaries in the neighbourhood, which you are aware of. Pretty stupid, right?

This sounds like an urban fable. Unfortunately, for online communications, the tale is too true.

We have all seen headlines about hacking attacks. It seems distant and not relevant — but it is, and in the most intimate way possible. Right now, there might be someone looking through your financial and medical records, copying your personal files, reading your e-mail and collecting information on your family. It could be Chinese cyber spies, the Russian mafia, our own homegrown criminals, your friendly network administrator or that precocious kid next door.

The World Wide Web is just that — worldwide. Previously, bandits at least had to travel to get to you. Today, they never even leave their cosy cubicle or bedroom. Once the baddies have your information, you can be hurt again and again — for years.

We regularly give out our personal information or are compelled to provide it. We trust that those we give it to will protect it. But do they?

On June 17, Canada’s federal government websites and e-mail were down for nearly two hours. Anonymous claimed responsibility. The group reportedly says that everything (they found) in the database was stored in plain text, or unencrypted.

On June 4, the U.S. government announced that its networks had been hacked for up to a year, probably compromising the personal data of 21 million current and former federal workers.

Sony was hacked in 2014. Data released included personal information about employees and their families, emails, executive salaries and unreleased films. According to one report, attackers erased nearly half of Sony’s personal computers, more than half of its servers, and destroyed their startup software.

The list of incidents goes on and on. These are the Canadian and U.S. governments and one of the world’s largest technology companies. Yet elementary precautions were not taken. Antiquated systems and methods were used. They are not alone.

For example, by using e-mail for basic communications, organizations show that security of our information is not a priority. E-mail is ubiquitous, impossible to secure and easy to pervert. Subverting e-mail is often the key to many attacks. Viruses, worms, key-logging software and phishing attacks flood e-mail servers every second of every day and confidential information floods out. Far more secure options are available.

Where is the outrage? If organizations want or demand our most sensitive information, they have a duty to protect it. Governments spend trillions around the world to defend citizens from terrorist attacks, yet do far too little to counter a constant stream of electronic assaults that bring misery to millions of us.

We must demand better. At the very least, the guardians of our information must stay up to date to keep electronic hoodlums out of our cyber underwear. It is long past time to lock up our metaphoric house, bar the windows, install a state of the art security system, hire armed guards and let loose a pack of guard dogs into the yard. At least then we can say we did everything possible.