In 2013 alone, there were 253 cyber breaches of major organizations and over 552 million identities were exposed. 2013 quickly became known as the year of the Mega Breach.
Earlier this week, GovLoop hosted an online training with leaders in the cybertech industry to discuss today’s cyberthreat environment.
Kevin Haley, director of security response at the cybersecurity firm Symantec, described 2012 as the year of the “spray and pray” approach where hackers would email as many people as they could within a company and hope someone fell for their spam. Since then, hackers have acted in groups in order to increase their efficiency.
The majority of breaches to individuals occur October through December or, as Haley labeled it, the “Christmas Shopping Season.” Haley says, “The attackers waited until they maximized the amount of credit card information they could steal.”
But the numbers are alarmingly high and retailers have failed to curb them.
Companies should provide more training to employees on how to prevent such breaches and what to do if their data becomes compromised. Of course, larger companies are more at risk than smaller ones, but Haley notes that even companies with only 1-250 employees still have a 1 in 5 chance of being targeted.
“The first thing you would do if you found out that 1 in 5 houses in your neighborhood were being broken into would be that you’re going to buy some extra locks, call the police department, and take a lot of steps to protect your home,” said Haley. “We have to go beyond just a lock on the door. We need additional locks.”
We tend to think that most security breaches are due to hackers; however, 29% of breaches are actually made public by accident. Haley stressed how there is a “big need to develop pipelines early on” in educating our youth on cybersecurity.
Recently, instances of malware from email and Facebook messages have steadily decreased. The public is savvier as to what malware looks like as we’ve stopped opening links that say, “Congratulations! You’ve won $10,000,000! Click here to collect your prize that definitely isn’t a virus!”
But the difficulty today is identifying phishing that is too deceptive to come across as blatant spam. Haley described schemes so elaborate that even those trained in cybersecurity could fall victim. One includes an email from a familiar domain that asks for an invoice. Shortly after, the hacker calls your personal phone posing as a high-level manager and coaxes you into opening the attachment, which then infects your computer.
Another attack on personal computers is the ever-growing ransom attack, which grew by 500% in 2013. This attack consists of the hacker remotely locking your computer and demanding you use their online payment site to get it back.
Miss Teen USA, Cassidy Wolf, fell victim when she opened the wrong email and a hacker attempted to extort her. He had tapped into her keyboard and her files, and also controlled her computer’s webcam. Wolf took the right steps: she changed all of her passwords, didn’t comply with what the hacker wanted, and contacted the police as soon as possible; but now, she constantly lives in fear that it could happen again.
Many laptop users understand how to secure the information on their computers, but there is a huge gap between the security measures taken on a PC and on mobile devices. Many Instagram users recently downloaded an app called InstaLike, which promised to boost users’ popularity by about 20 likes per photo. The app used its users’ usernames and passwords to like the photos of everyone who had downloaded InstaLike.
While the app didn’t directly infect phones with malware, few knew it was run in a crude area in Eastern Europe. “You have got to have good security on all of your machines and you have got to have them backed up,” warned Haley.
Here are some final tips from the online training for protecting your information:
Prevention
- Change your password frequently. A common mistake is using the same password for every login you need. If someone finds out one of your username and password combinations, chances are they will try to use it everywhere they can.
- Know where you’re clicking. Even if the link appears to be valid you may want to research its origins. Do you know who sent it? What is the internet domain? Have you received a link like it before?
If You’re Hacked
- Quickly change your passwords, restart your computer and call the authorities. Sure, it can be a pain to talk to the support guys at Apple or change your credit card accounts, but 15 minutes can save you your life.
- Never adhere to what the hackers demand. Even if you were to comply, there is no chance they’ll give you your information back. Let the authorities do the work.