BreachExchange mailing list archives

Cavalier attitude to privacy aids cyber-bandits


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 29 Jul 2015 19:04:02 -0600

http://www.vancouversun.com/opinion/columnists/Wells+Cavalier+attitude+privacy+aids+cyber+bandits/11251103/story.html

Imagine coming home to find a stranger’s hands have rifled your financial
records, rummaged through your medicine cabinet, removed family photos and
ransacked your underwear drawer.

You feel violated and enraged.

At first, the police are sympathetic, but soon, their attitude changes. You
went out to shop for a few hours. The house was left wide open, all the
doors and windows ajar. You didn’t bother with a security system and you
don’t have a dog. Also, there has been a rash of burglaries in the
neighbourhood, which you are aware of.

Pretty stupid, right? This sounds like an urban fable. Unfortunately, for
online communications, the tale is too true.

We have all seen headlines about hacking attacks. It seems distant and not
relevant — but it is, and in the most intimate way possible.

Right now, there might be someone looking through your financial and
medical records, copying your personal files, reading your e-mail and
collecting information on your family.

It could be Chinese cyber spies, the Russian mafia, our own homegrown
criminals, your friendly network administrator or that precocious kid next
door.

The World Wide Web is just that — worldwide.

Previously, bandits at least had to travel to get to you. Today, they never
even leave their cosy cubicle or bedroom. Once the baddies have your
information, you can be hurt again and again — for years.

We regularly give out our personal information or are compelled to provide
it. We trust that those we give it to will protect it. But do they?

On June 17, Canada’s federal government websites and e-mail were down for
nearly two hours. Anonymous claimed responsibility. The group reportedly
says that everything (they found) in the database was stored in plain text,
or unencrypted.

On June 4, the U.S. government announced that its networks had been hacked
for up to a year, probably compromising the personal data of 21 million
current and former federal workers.

Sony was hacked in 2014.

Data released included personal information about employees and their
families, emails, executive salaries and unreleased films. According to one
report, attackers erased nearly half of Sony’s personal computers, more
than half of its servers, and destroyed their startup software.

The list of incidents goes on and on.

These are the Canadian and U.S. governments and one of the world’s largest
technology companies. Yet elementary precautions were not taken. Antiquated
systems and methods were used. They are not alone.

For example, by using e-mail for basic communications, organizations show
that security of our information is not a priority. E-mail is ubiquitous,
impossible to secure and easy to pervert. Subverting e-mail is often the
key to many attacks. Viruses, worms, key-logging software and phishing
attacks flood e-mail servers every second of every day and confidential
information floods out. Far more secure options are available.

Where is the outrage? If organizations want or demand our most sensitive
information, they have a duty to protect it. Governments spend trillions
around the world to defend citizens from terrorist attacks, yet do far too
little to counter a constant stream of electronic assaults that bring
misery to millions of us.

We must demand better. At the very least, the guardians of our information
must stay up to date to keep electronic hoodlums out of our cyber
underwear. It is long past time to lock up our metaphoric house, bar the
windows, install a state-of-the-art security system, hire armed guards and
let loose a pack of guard dogs into the yard.

At least then we can say we did everything possible.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
