Hackers are pushing the envelope every day for new ways to exploit their targets, so relying on threat assessments, policies and testing done one, two or more years ago is sheer folly
New York, NY (PRWEB) February 12, 2013
When news stories like the recent ones about places like the Federal Reserve and the Department of Energy being hacked come to light, they get a lot of attention. After all, one is responsible for the monetary stability of the nation, and by extension the world, and the other is immersed in the nuclear arena, everything from radioactive waste to our nuclear weapons program. But it was not money or “power” they were after, it was PII (Personally Identifiable Information). Global Digital Forensics (GDF) founder, Joe Caruso, shares some insight on some of the dangers posed by compromised PII and some solutions which can help businesses protect themselves, their clients, their vendors and their employees.
What can compromised personal information be used for?
“Well first, there are many kinds of personal information which can be can be valuable to a cyber attacker, and there can be just as many motives as to why an attacker would go after it. Take the Federal Reserve intrusion for instance. The first thing that comes to mind when you hear the name of the target is some kind of mega cyber-heist, like maybe they wanted one of those trillion dollar coins the Fed minted,” Caruso said with a grin. “But his wasn’t about money, it was about hacktivism, both as an exercise of retaliation and a show of solidarity in honor of Aaron Swartz in this case. And it was a shrewd move by the Operation Last Resort crew, which took credit for the attack. They published the names and contact information of over 4,000 bankers from an emergency contact list they accessed. And in today’s economic climate, bankers are not real high on the general public’s empathy radar, so they got their point across, stirred up some fear, flexed some muscle and come out of it with more of a Robin Hood perception than that of a brutal home invader. But the damage is done, now those bankers are at risk, they can be targeted for everything from identity theft, to precision spear phishing attacks which could have grave consequences for the financial institutions they are affiliated with and which we all rely on, not to mention the possibility of some nut-case showing up at their house and doing God knows what. Social Security numbers, addresses, phone numbers, email addresses, account numbers, credit card information, it’s all dangerous in the wrong hands.”
Who’s at risk?
“Everyone. The organization storing the information stolen typically takes the most public hit from this type of data breach. They’ll be the ones taking the lumps of lost public trust and business integrity, regulatory compliance and reporting nightmares and all the financial consequences which come with it, from lost revenue and lawsuits, to fines and other associated costs like investigations and legal fees. On the other side of the coin are the victims now at the mercy of the attackers - vendors, clients, employees, and anyone else whose information was ultimately compromised. But their suffering usually doesn’t make the headlines until a lawsuit with lots of zeroes becomes involved. The class action filed against Sony soon after the breach of their PSN network in 2011 had nine zeroes in the damages they were seeking.”
How can organizations protect themselves?
“Regular cyber threat assessments and penetration testing are crucial. Hackers are pushing the envelope every day for new ways to exploit their targets, so relying on threat assessments, policies and testing from one, two or more years ago is sheer folly when applied to today’s more advanced threats. Things like social engineering, the explosion of personal mobile devices being integrated and used in the workplace, cloud computing and cross-platform malware and spyware all have to be weighed and measured against today’s threats. We help clients on all those fronts by having our cyber security specialists design solutions from the ground up after a thorough examination of the client’s digital landscape, reviewing their policies and procedures and providing detailed remediation steps to plug as many holes as possible.”
“Since we will be the first ones to tell you that no cyber defense plan can stop every possible threat, like previously undiscovered zero-day exploits for instance, should the unthinkable occur, we can instantly transition to emergency incident responders which will already have a tremendous advantage to quickly identify, stop and remediate the attack by already having an in-depth knowledge of the client’s entire digital architecture, business functionality needs and regulatory compliance requirements by having done the threat assessment and testing beforehand. And with our network of responders strategically positioned across the US and internationally, we can get experienced, professional help to the client site as quickly as possible to minimize the damage and tame the aftermath.”
*Global Digital Forensics is a recognized industry leader in the fields of cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a plan which will meet your unique needs. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if once a cyber incident has occurred, so don’t hesitate to get help. For more information, visit http://www.evestigate.com.