Advertise

ABTV

11/20/2017
05:51 PM

Curtis Franklin
Curt Franklin

0 comments
Comment Now

50%

It's Inevitable: You've Been Hacked

If your personal information is available on the Internet, you should assume that a hacker has it.

The notion that every organization has a perimeter that has been breached isn't new. And much of modern security is how to deal with that. But take it a step further: What do you do when every employee, customer and partner has personal info that has been hacked?

That's the question posed by a press conference given by members of the agencies fighting cyber crime in the UK. Peter Goodman, the National Police Chiefs' Council lead for cyber crime, reported that his personal information has been stolen three times [registration required] and that virtually every computer user in the UK has had personally identifiable information (PII) stolen and sold on the dark web.

For those fighting against PII theft and other cyber crime, the idea that everyone's information is already on the dark web is disheartening, akin, in some ways, to declaring that the security war has already been lost. It's not impossible, though, to find those who aren't ready to wave a white flag and succumb to depression when it comes to computer security.

Some gain their optimism from a sense that the scale of information loss has been over-stated. In a statement to Security Now, the CEO of High-Tech Bridge, Ilia Kolochenko, said, "Digitalization has become an inalienable part of our everyday lives. Even people who have never used a PC or a smartphone have their personal data stored and processed somewhere. Cybercrime is skyrocketing, and the vast majority of digital systems have been breached. However, I think that it's technically incorrect to say that every person was hacked, as our common notion of 'hack' implies at least some motive and targeting."

This notion, that there hasn't been specific targeting involved with absolutely everyone's information, is part of what gives others hope, as well. In conversations this author has had with a number of cybersecurity professionals, many have expressed the opinion that there is now so much basic information out on the dark web that any given individual's chances of being a victim are still small. Think of it as the "bait ball" theory of cyber defense.

And that brings us to the "what does this mean for my organization?" part of the proceedings. One of the big things is that basic PII has little value for most criminals; the valuable information is all of the enriched data that comes from specific financial or healthcare records. Those, then, must be highly protected precisely because they contain the sort of data that allows for targeted attacks against individuals.

Because a given individual might still be the target of an attack, security systems must be even more vigilant about recognizing and responding to account breaches and mis-uses. Recognition, response and mitigation must be built into systems -- and especially automated systems -- so that they will be able to prevent criminal activity from becoming catastrophic for individuals and organizations.

In one sense the war is, indeed, lost. If information is accessible from the Internet, the only safe assumption is that it can be accessed by unauthorized individuals. Intelligent use of automated systems will mean that access doesn't become loss -- and that the vast bait ball of Internet users swims on, undisturbed.

Related posts:

— Curtis Franklin is the editor of SecurityNow.com. Follow him on Twitter @kg4gwa.

Comment |

Email This |

Print |

RSS

More Insights

Webcasts

Staffing & Training a Cyber Incident Response Team

DevOps: Innovating with Speed, Security, and Quality

More Webcasts

White Papers

Wired vs. Wireless LAN Solution

NDaaS 101

More White Papers

Reports

Online Threats -- and What Your Org Can Do About Them

[Special Report] Remote Network Management

More Reports

Comments

Newest First | Oldest First | Threaded View

[close this box]

Be the first to post a comment regarding this story.

Hot Topics

Editors' Choice

COVID-19: Latest Security News & Commentary

Dark Reading Staff 8/10/2020

Pen Testers Who Got Arrested Doing Their Jobs Tell All

Kelly Jackson Higgins, Executive Editor at Dark Reading, 8/5/2020

Researcher Finds New Office Macro Attacks for MacOS

Curtis Franklin Jr., Senior Editor at Dark Reading, 8/7/2020

Live Events

Webinars

Expert led sessions and real networking - Join us at Data Center World 2020: A Virtual Experience

Collaborate With IT Industry Leaders at Interop Digital, Oct. 5-8

More Informa Tech Live Events

White Papers

DevOps for the Database

Wired vs. Wireless LAN Solution

NDaaS 101

2020 State of Malware Report

Special Report: Why Performance Testing is Crucial Today

More White Papers

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: The superior method of sandboxing called "sandcastling" involves having the user detonate the malware.

Cartoon Archive

Current Issue

Special Report: Computing's New Normal, a Dark Reading Perspective

This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

The Changing Face of Threat Intelligence

This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!

Download Now!

The Threat from the Internet—and What Your Organization Can Do About It

0 comments

State of Endpoint Security: How Enterprises Are Managing Endpoint Security Threats

0 comments

State of Cybersecurity Incident Response

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2020-9079
PUBLISHED: 2020-08-11

FusionSphere OpenStack 8.0.0 have a protection mechanism failure vulnerability. The product incorrectly uses a protection mechanism. An attacker has to find a way to exploit the vulnerability to conduct directed attacks against the affected product.

CVE-2020-16275
PUBLISHED: 2020-08-10

A cross-site scripting (XSS) vulnerability in the Credential Manager component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when the user clicks on a specially crafted link.

CVE-2020-16276
PUBLISHED: 2020-08-10

An SQL injection vulnerability in the Assets component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database.

CVE-2020-16277
PUBLISHED: 2020-08-10

An SQL injection vulnerability in the Analytics component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database.

CVE-2020-16278
PUBLISHED: 2020-08-10

A cross-site scripting (XSS) vulnerability in the Permissions component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when the user clicks on a specially crafted link.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]