Ladies and gentlemen, welcome to the twenty-first century where data is the new currency. And like any type of currency, there are thieves who prey on the vulnerable, waiting to exploit the perfect opportunity to rob them blind. Dangerous dark alleyways and parking lots have now evolved and moved into the deepest recesses of the World Wide Web—thieves now wait to jump from the darkest corners of the web to infiltrate our systems, our devices, and our private information to exploit us and rob us blind.
In this week’s news, we witnessed another industry giant being brought to its knees through failed cybersecurity efforts: Uber has now joined the long list of giants that includes BlueShield, Ashley Madison, Home Depot, J.P. Morgan, eBay, Target, and more. And what do they all have in common? Data. In fact, the reason I have listed such a diverse group of organizations is to illustrate that nothing is safe: from home renovations, to health insurance, to discreet connections, they all resulted in one inevitable end—a breach in security.
I really don’t want to dwell on Uber, nor do I want to make excuses for these organizations as their security breaches have been done to death in the press already. Even so, the latest so-called victim in the cyberwar is an example of human nature at its best in terms of how cybercriminals operate.
Aside from the question of technology—I sincerely feel that this breach could have been avoided with the technology that we implement daily, but I digress—the topic here is more about the human element. Pride and misguided embarrassment are the tools leveraged by these cybercriminals.
Imagine this scenario: a middle-aged man or woman is sitting in their office diligently working away on their latest project. An email from a friend is deposited in their inbox with a link, inviting a visit. Now, anyone on any day probably receives several of these. The point? Nothing out of the ordinary … right?
Wrong. Here is the reality of this scenario. The originating sender’s email has been compromised and is being used as a dissemination tool for malware. When the email lands in the target’s inbox, the link is promptly clicked because no threat is suspected, and the result is an immediate ransomware attack along with the locking of the screen to display a pornographic image. Now, the hook has been set. The poor person who clicked on the link must now weigh the possible outcomes: pay the ransom fee to potentially unlock the computer, or suffer the embarrassment of the image, the situation, and the self-blame for the attack.
So, what can be done? Firstly, there is the technology and security aspect. Having safeguards at all levels of IT infrastructure is paramount for any business or organization. But, more importantly, education is key. That means educating IT personnel so they know and understand the latest threats and mitigation techniques, training for worst-case scenarios in how to manage a data breach or attack, and, finally, ensuring everyone understands the human factor so they are not embarrassed, but rather diligent and self-educating.
Cybersecurity is the new reality. We must all live and breathe it every day in our professional and personal lives. In our new, data-driven lives, the term “due diligence” has taken on an entirely different aspect. This is our new world, and it has proved to be Uber dangerous!