This week, the information of tens of millions of philandering spouses has been exposed by hackers of the adultery website AshleyMadison.com, and while there isn’t much sympathy for this batch of victims, how vulnerable are the businesses that do have your personal information?
In addition to the Ashley Madison breach, major corporations like Target, Sony and Home Depot have fallen victim to hackers, as has health insurance giant Anthem. With so many of our daily transactions conducted in cyberspace, the opportunities for our data to be compromised are plentiful.
“This is a huge issue and it seems to be getting worse and worse and worse. Once you have companies like Target, Sony that start getting breached, and these are companies that have incredible security, then we know that there is a very big problem,” said Tyler Cohen Wood, a cyber expert who is also cyber branch chief for the Department of Defense. She is also the author of “Catching the Catfishers: Disarm the Online Pretenders, Predators and Perpetrators Who Are Out to Ruin Your Life.”
Wood says because almost all of us take part in electronic transactions, almost all of us are at risk.
“It is effecting pretty much everyone and one of the worst thing about it is there is not a ton that the average consumer can really do to protect their information when they’re putting it out there on these types of websites,” said Wood.
According to Wood, hackers will prey on any system where they can find an opening.
“Hackers target companies of all shapes and sizes. Often times, unless there’s an ideology behind it, like in the Ashley Madison case, they’re typically going to go for the lowest hanging fruit. So they’re going to find a way in, and it’s getting harder and harder for companies to find where the lowest hanging fruit is,” said Wood, who explained the unlikely manner in which a major retailer was breached.
“Target was actually breached through a remote HVAC system. The lowest hanging fruit there was an unsecured HVAC system, where they were able to steal credentials and get into the system,” said Wood.
The greatest damage is done to companies that fail to discern a breach until long after it happened.
“Often times, companies don’t necessarily know that they’ve been breached for a few months. So a lot of times they just don’t know so we don’t hear about it until months, months later,” said Wood.
There are some bright spots in this challenge, however. Wood says the recent spate of high-profile hackings has corporate leaders focused on making sure it doesn’t happen to them or their teams.
“I think a lot more higher-level executives are taking notice and getting involved. This is no longer just an issue where your IT department can step in and do all of the security. Now you have employees who are using devices to connect into your network. All employees have to be educated about the threats and the risks that they could potentially be posing to their corporate network as well,” said Wood.
Another encouraging sign, she says, is that better security will soon be available for our credit cards.
“There’s also something that’s coming in October called the new PIN and chip cards. These cards are actually going to help consumers because, when you use them, the information is stored in a chip. When you add that with a PIN, it is much less likely to be hacked,” said Wood. “The Federal Reserve says that it makes the transaction 700 percent more secure.”
Although greater corporate vigilance and heightened credit card security are likely bring greater consumer protection, Wood says individual Americans need to be very careful to avoid offering help to hackers in our online posts.
“One of the big problems is that people take for granted that they’re completely anonymous or they have complete privacy when they’re posting things because they’re sitting behind a keyboard,” said Wood.
Wood says it’s smart to check every online communication for any information that doesn’t belong in cyberspace.
“People really need to take a different way of looking at this issue and really think that anything that you put out there is not necessarily private. Anything that you do put out there could potentially come back and haunt you one day,” said Wood.
