Like everything it touches, the Internet has successfully democratized cyber risk, and the theft of personal information has become the #1 motive for almost all cyber attacks today. This motive holds true across target size and industry sector and is independent of the final intent of the perpetrators. Unlike the IT security threats of just a few years ago, attacks in modern cyber warfare focus on individuals and their personal information, including that of employees, customers, patients, vendors, and business associates. This report examines how we got here and what the future holds, and provides context, a framework, and suggested measures for organizations seeking answers to the emerging security challenges ahead.
The Democratization of Cyber Risk
Breaches at Target, Home Depot, J.P. Morgan, Anthem, Sony, and most recently the U.S. Government by way of the IRS and OPM have one thing in common: motive.
The targets are across economic segments and represent both public and private sectors. The alleged perpetrators range from Russian gangs to the Chinese and North Korean governments and militaries. Their ultimate intentions vary from profit by re-sale of the information to fraud, extortion, and political agendas including social pandemonium, but their attack motives are the same: the theft of personal information.
While we use well-publicized mega-breaches here for their reported facts, the common denominator, theft of personal information as the motive, holds true across the vast majority of attacks today.
The Internet has become the platform for crime and warfare of the future, and now personal information is at the center of its exploitation.
How Did This Happen?
- The smartphone and mobile computing began the Internet's democratization of cyber risk by driving information, online activity, and value to the ever-expanding perimeter environments.
- Internet “clouds” have been built to accommodate our seemingly insatiable appetite for rich, ubiquitous access to data, but they have made the diffusion of our personal information worse.
- Big Data software can quickly sort, sift, and mine enormous volumes of information, and in the hands of nefarious parties it makes a powerful tool for data exploitation.
- Bitcoin is driving crime online as a result of its anonymity, portability, and liquidity of wealth.
Cyber security has traditionally taken place at the enterprise level, with a focus on protecting server-centric system architecture under the management of an IT department. Now, the richest targets are individuals and their personal technology as they are the least defended and most vulnerable to attack.
What Does the Future Hold?
Moore's Law is driving change, and after more than a half-century of compounding, the exponential effect is truly kicking in. With mobile computing as the tipping point, technology will increasingly surround our everyday lives and be part of almost all of our regular, daily activities.
IoT – The Internet of Things. By average estimates, the Internet-connected device count is doubling every year and a half. The devices are increasingly “smart” and “aware”, and they collect massive amounts of individual-oriented data that will add to the exploitation of personal information for criminal activity.
Datafication is a new term used to describe the trend, driven by Big Data software, of turning many aspects of our lives into data and transforming that information into new forms of value. For hackers, this means stealing, collecting, and curating personal information for the assembly and deployment of highly engineered attacks across large volumes of targets.
Digital Currencies are here to stay, and with new platforms being built by IBM and others, any major currency will have the same anonymity, portability, and liquidity as bitcoin, but without the need for bitcoin itself.
What Can You Do About It?
When considering raising awareness, implementing tools, and finding solutions for addressing the personalization of cyber risk, we recommend an approach based on four fundamentals.
The Four Fundamentals of Cyber Security
1. Protect the Device – Smartphones, laptops, pads, tablets, and just about anything that connects online should be protected using state-of-the-science device protection solutions.
Fortunately, recent innovations have taken high-quality, effective protection systems that were once available only to large, server-centric networks and made them available to individuals, so that their devices can function securely in all environments and over any network.
2. Protect the Connection – Once the device connects online, more defenses are required to protect the information transmitted over the Internet.
In addition to device protection, each individual device should have a VPN, or Virtual Private Network, for automatic encryption of all outbound Internet traffic. A good VPN will protect the user’s identity, location, browsing, shopping, banking, and all information transacted online, including over public WiFi networks.
3. Privatize Your Email – In many cases, email is the “barn-door” for stealing and accumulating personal information and is still considered "attack vector #1."
Unfortunately, especially in the U.S., many consumers expect email to be “free”, and this has distracted us from some of the basic notions of the value of privacy today. Pay for and use a service that automatically strips IP location and metadata information from individual emails as they travel the Internet and that is off the grid of "free" email servers that are honeypots for criminals around the world.
4. Protect and Back Up Sensitive Documents and Files – Remote backup services are easy and cheap, and the convenience of the cloud is great, but critical documents deserve a digital vault.
For scanned passports, social security cards, birth certificates, wills, trusts, tax returns, and the other documents that are core to our personal lives, easy-to-use but highly secure digital vaults act as a safety-deposit-box for sensitive documents.
Moore's Law has driven mobile computing power to the fringes of the Internet, bringing our information along with it. Criminals and hackers will continue to exploit the information to an ever greater degree by leveraging the power of Moore's Law to their advantage well into the future.
As the Internet democratized cyber risk through the power of Moore's Law, so too is it democratizing sophisticated IT security technology. Fresh capital is being drawn to the cyber security industry, and a new breed of entrepreneurial companies is introducing remarkably effective products. Solutions are increasingly software-defined and "smart", and require little or no user input or IT expertise. With some awareness and proactive decisions, risk can be managed and significantly mitigated at very affordable prices.
Stay tuned as we follow the industry and report on the best solutions available to individuals, families, professional practices and small businesses.