infoTECH Feature

July 05, 2016

The Big One: Protecting Good Users in a Hackable World

By Special Guest
Lisa Baergen, Director at NuData Security

A recent article in New York magazine about a hypothetical “Big Hack” in NYC in the near possible future transports the reader into what is an entirely plausible and nightmare scenario reflecting our current state of near nudity when it comes to our digital security. In a description that evokes scenes from Stephen King’s (News - Alert) 1980s cult classic, “Maximum Overdrive,” writer Reeves Wiedeman weaves a terrifying narrative. Vehicles are hacked into, causing seemingly random crashes, municipal utilities go down, and hospitals find their medical records inaccessible.

Likewise, if you’re a big retailer or bank relying on customers to pound down the door demanding that you beef up your security, you’re most likely just hearing a faint whispering from the small few who raise their voices. That doesn’t mean you’re off the hook though. Customers may be oblivious about your security measures, but they do care that you have them and will take their business elsewhere if they get a whiff that you’re not protecting them.

On that note, while hacks like this might be a nightmare, let’s back up a little. In order for this entirely plausible hack to occur, first there were malware, Ransomware, intrusions, and lurking. Lots of lurking. Each instance of potential hacking in the article stems from a real-life example that has occurred in the past several years. A cyber attack on a fictional hospital, for instance, is inspired by a Los Angeles hospital that paid about $17,000 to Russian hackers to get back into their system. Tales of malware and Ransomware attacks are interwoven with blocked elevators and city office buildings brought to a standstill in an almost apocalyptic cyber attack.

This cautionary tale underscores a key aspect of data breaches – they don’t exist in a vacuum. There is a ripple effect when a breach occurs, one that can have far-reaching consequences. The attacks often happen AFTER the breach.

Sure, usernames and passwords can be changed, juicy targets (like banks, e-trailers, govs and healthcare) are beginning to understand that every little bit of information is prized for the identity lever the fraudster can pull later on with account based attacks.

Bits of data pilfered in breaches can sit dormant for months or years until more data gets stolen and combined into “identity bundles.” These bundles are sold on the Dark Web – the more complete the information, the more valuable the bundle, and the more potential for identity fraud in the future.

Look at the recent LinkedIn (News - Alert) breach, for instance. We’re already seeing stories about the secondary compromises being blamed on the LinkedIn breach. It’s obvious that traditional security measures aren’t sufficient for today’s world, let alone the future.

This is exactly why behavioral biometrics and analysis are so needed, and so successful. Truly verifying the authentic user is the only way to protect sensitive information. With this information in place, companies have the tools to identify whether a user is the genuine user or not. As a result, that stolen data can be rendered useless – and who’s going to want to take the time and energy to orchestrate a breach when there’s no payoff?

Although Wiedeman’s story is fictional, it’s not at all far-fetched. We’ve seen what can happen, and fraudsters are only going to become more tenacious. Fortunately, there’s still time for us to protect ourselves before a crisis occurs. It’s time we put a stop to the fraudsters by devaluing the sensitive information they’re pursuing and render their “prize” worthless.




Edited by Alicia Young
FOLLOW US

Subscribe to InfoTECH Spotlight eNews

InfoTECH Spotlight eNews delivers the latest news impacting technology in the IT industry each week. Sign up to receive FREE breaking news today!
FREE eNewsletter

infoTECH Whitepapers