Today’s instalment of doom and gloom from the cyber front-lines.
So Snapchat, purveyor of self-destructing genital imagery, fell foul of phishing this week. Thankfully for the world’s teenagers, it wasn’t user data that was compromised (this time – remember the Snappening?). Instead, some poor soul in their HR department was hit with the now-hackneyed “urgent email request from the CEO” routine and handed out confidential payroll information. I know I’m a broken record on this, but 1) TRAINING and 2) payroll data is personal data is a breach is a potential €20m fine under the new GDPR regime. 2018 is sooner than you think, and training programmes and culture change take time.
Gemalto’s Breach Level Index says 707m (yes, million) personal data records were breached last year. That’s about 10% of the world population. And that’s based only on known breaches, and only counts known quantities of compromised records. And it’s only one year – in 2014, the known total was over a billion. The real number will, therefore, be much higher still. On the balance of probabilities, your data was breached. The main sources of breach were government agencies – although the largest single breach, with 10% of the total, was US health insurer Anthem. The more data they collect, the more data will be breached.
Apple has won a minor skirmish in its battle with the Fed to protect user data on phones from government intrusion. A NY Federal judge, James Orenstein, has ruled that the legal mechanism being used by the FBI to force Apple to unlock or otherwise compromise user devices is unconstitutional. His words: “I conclude that the constitutionality of such an interpretation is so doubtful as to render it impermissible as a matter of statutory construction.” This puts a pretty substantial spoke in the FBI (and others’) use of the All Writs Act both to gain access to encrypted or secured data, and to try and force the creation of a backdoor in future encryption. Given that 1.7 billion records were breached over the last couple of years despite the existence of proper encryption, the last thing we need is any weakening of the available protections.
Akamai reports that DDoS attacks are up 169%. Translated, that means that more bad guys are using more compromised machines to take down more websites for fun and profit. Lessons from this? Firstly, if your business depends on your website, ask your hosting provider what DDoS protection you have in place and how much it costs when it’s operating. Secondly, the hackers only have access to compromised machines because our own security is weak. Home users are the main target, so help protect yourself and others by including cyber-security for personal kit in your regular security awareness training for your staff.