Besides being a
bad year in terms of air disasters, 2014 has left some ugly scars in terms of
cyber-hacks as well.
The most
significant ones started with the eBay hacks going back to Feb/Mar, when user
credentials and critical info of 223 million users were siphoned off by the
hackers, with losses to the tune of 145 million dollars for the company.
JPMorgan Chase was next in line, where hackers stole information related to
80 million households and 7 million small to medium-sized businesses, one of
the largest breaches in banking history. The iCloud hacks leaking private pics of
Hollywood celebs were another unexpected one in the series.
It was one of
the most brutal attacks on the safety of user data when news of the Target breach was aired,
with 110 million records of buyer information stolen from its servers ... total
cost of the breach has exceeded 150 million for the company. The data breach reported
by Home Depot was the last nail in the coffin, with sensitive information stolen
for 56 million customers. And the list is endless: AOL, UPS, Yahoo Japan,
Staples.
Hackers have
different ways to capitalize on the stolen booty. In one case, hackers stole
the customers’ credit card data from P.F. Chang's between March 2014 and May 19,
2014, and then put it on sale for between $18 and $140, depending on how fresh
the stolen data was. The restaurant chain was forced to go low-tech and started
using old-fashioned manual credit card imprinting machines, until it invested
millions to upgrade its terminals to enforce strong encryption algorithms.
However, the
world won’t be the same again for Sony Pictures. Whatever might have been the
reasons or intent, the copyrighted intellectual data, to the tune of 100s of
terabytes, stolen from Sony servers has shifted the focus to the need for IT
security. Taking a lesson from this catastrophic loss at Sony, hundreds of
industry majors are planning to put a greater share of their budget spend (in
2015-2016) into preventive measures, to ensure the safety and security of
sensitive customer data and intellectual property.
And it’s not
that companies don’t take note of these breaches. They do, but their responses are
reactive in nature, and they don’t help in gaining back what is lost. Besides the
sky-rocketing costs associated with these breaches, the worst loss for any of
these companies is the loss of customer confidence in that company's data
security measures and related policies. In the wake of increasing heat, maybe
Target decided to fire its CEO, but it couldn’t help control its quarterly
losses, and the investors started looking for safer ventures.
Taking a closer
look at these events, all these breaches are the product of implanting malware to
log keystrokes, gaining backdoor access, some intelligent guesswork, brute force,
and cyber-sniffing, blended together with some tailored tech advancements.
A significant percentage of these factors rely on brute force and intelligent
guesswork based on patterns suggested by customized software. This is where we
all, as individuals, can put up a tough fight. Most of our passwords are based on
plain words or names, at most combined with a number or two. Letting our brains
get lazier about remembering, we keep the same password for a multitude of online
accounts, which in turn makes us more vulnerable. Making ourselves a breeding ground
for these unscrupulous events, we rarely think of changing our
passwords at frequent intervals. That’s all the hackers need for their perfect
world. Using a combination of special characters with letters and numbers,
and changing it at frequent intervals, is enough to give the smartest of hackers a
good run for their money. Another rule of thumb is not sharing the password in
any event, unless it happens to be a shared account and there’s an absolute
need to retain shared access.
The chosen few
of this post's readers who also happen to be technologists by profession
have a great role to play. Being techies, we all can be watchdogs in
our individual roles, to identify all possible breeding grounds for these events
and work towards filling all the potential gaps. Indeed, regardless of the
strongest fencing you do in terms of measures taken to avoid these attacks, one
cannot guarantee foolproof fortification against any of these events.
However, we need to think about all possible ways to circumvent these in
advance, by being extra cautious about the security of the user data we handle and
manage. This might require educating our customers to make them understand the
importance. In the event of a customer not paying heed to this, it will at least
keep us from being in the same boat as USIS, which came under fire when it
suffered a data breach. The reason for coming under fire: being a contractor for the
Dept. of Homeland Security, it had millions of records of information related
to citizens’ background checks, and other critical information.
It's true that
we learn from mistakes, but sometimes the cost of a mistake is so
gigantic that we can’t afford to commit it. And in this case, every conscious
effort taken towards securing our customers’ sensitive data COUNTS!!!