Somebody’s Watching Me

July 8, 2011 at 1:23 pm | Posted in Kaplan IT Training news, Vendor news | 1 Comment
Tags: cybersecurity, gangsters, Security+

I always feel that somebody’s watching me (and I have no privacy)

The news has been pretty scary lately. Renegade hackers have been attacking companies left and right. If, like me, you assumed these hackers were a bunch of very intelligent teenagers with a lot of time on their hands, then you, like me, would be wrong. Much more sinister forces were, and still are, at work.

Take Hyundai Capital Service, for example. The company faced being extorted by hackers who wanted money and threatened they would release confidential information. Luckily, the police made arrests. Since then, the CEO of Hyundai Capital Services, Ted Chung, has changed the way things work. He now sees the IT department as central to everything the company does. He learned about the company’s network architecture, its security infrastructure, and the tradeoffs between data protection and customer satisfaction.

Over a decade ago, documentary film maker Michael Moore created a show named “TV Nation.” On one episode he challenged the CEOs of various companies to use their own company’s product. It was shown that very few of the CEOs could actually use their own products. It’s a rule that executives of large corporations are charged with creating value for their stockholders. But I wonder – how many CEOs take an interest in the security of their information like Ted Chung does? How many CEOs can and would “use their own products,” so to speak?

In your typical mob movie, business owners pay gangsters “protection” money so that employees can keep their jobs, and concerns about safety are addressed by locking your doors when the sun sets. In our corporations, we don’t have guys with oily hair and pin-striped suits pointing Thompson machine guns; we have hackers from any corner of the globe looking for quick cash. Unlike paying off the mob, when the hackers are successful it may mean many people lose their jobs and locking your front door isn’t going to protect your personal information from getting into the wrong hands. Concerns like these are keeping us from widespread adoption of cloud-based services, for one.

Another frightening question: how often has a company been hacked and information stolen when the customer is never informed of the breach? Have you ever gotten a letter from your credit card company telling you that “sometime last year” your account was hacked – but not to worry, because they’ve finally fixed the problem? Privacy is no longer a given in the information age, but I still expect my personal data to be safe. I trust companies with my personal information, my digital information, and my money. I have a reasonable expectation that the harder you make it for me to access my own information (username, password, sitekey, security questions) the safer it should be from theft and hacking.

Recently, a company in Michigan who fell victim to an email message disguised as a legitimate bank notification sued Comerica Bank for the losses. Cyber-thieves took nearly $2 million from the company’s account, although they successfully wired only about half a million to offshore accounts. (Read more about it.) I am not a big fan of lawyers, but I hope that lawsuits like these will encourage the corporate world to be more proactive in protecting our data and our money.

Companies must invest in security. More importantly companies must train their employees in security. You may have watched a James Bond movie where the villain has all these high-tech tools to break in. In reality, bad guys still use the simplest ways to steal. Street criminals still prefer to use the classic “smash and grab” to steal property from cars because it’s effective. Cyber-criminals still use phishing schemes and social engineering to get at your data because it’s easy and effective. And in most of these cases, individuals can do a better job or protecting ourselves. What does that software that we downloaded from that funny web site actually do? Is it malware? According to Panda Security, there are 63,000 new malicious programs released per day. My stomach is starting to turn and my palms are beginning to sweat.

However, there is some good news amid all this doom and gloom. Before I finished writing this post, I got an email that says a long lost relative of mine has left me $1 million dollars (U.S.). They misspelled the word “dollars,” but I’m sure it’s legit. Right?