Corporate Data Breaches: What They Mean for Us


Part III in a series on personal online security. Parts I and II can be found here and here.


What’s it gonna take?

That’s the question we’re all asking after the countless cyber attacks on the world’s most powerful corporations. The Sony Pictures hack got a lot of attention for the 47,000 embarrassing executive emails and celebrity Social Security numbers dumped onto the Internet. But check out this list of high-profile hacks and how many records were breached:

  • Michaels Stores, Inc. — 2 million
  • JP Morgan — 83 million
  • Home Depot — 109 million
  • Target — 110 million
  • eBay — 145 million
  • Adobe — 152 million
  • Court Ventures (Experian) — 200 million

We’re talking credit card data, home addresses, checking account numbers–everything an identity thief dreams of at night.

For this post I had planned on listing all the household-name companies hacked in recent years. But it would be way easier to list the handful that weren’t hacked. One prominent cyber security analyst claims 97% of all companies have had their servers broken into.

What’s it gonna take for them to do better?

Actually, that’s the wrong question. We now know the biggest, most powerful companies don’t have our backs regarding Internet security. We also know, by the sheer scale of these attacks, that we have all been touched by these crimes, if not directly, then via someone close to us.

So, the real question is, What’s it gonna take for us to take better care on our own initiative?

(Image: yuhootech.com)

Time: “Why You Should Change Your Amazon Password Now”


Part I in a series on personal online security. Parts II and III can be found here and here.


“Why You Should Change Your Amazon Password Now”

So says the headline of a recent Time magazine article. The word “now” sure makes for provocative news. The article begins, “Hackers said Friday that they leaked data associated with 13,000 accounts on Amazon, XBox Live and other sites.” The writer concludes, “[This] news should underscore how important it is to change your passwords frequently.”

But is this just alarmist rhetoric? Should we really worry about such a small number of victims?

Online retailers say we have nothing to fear. Not only was the number of victims small, the 13,000 were spread out amongst 14 different retailers, not just Amazon. Some might point to the much larger 2014 Home Depot hack as cause for concern (56 million credit card numbers stolen). But the online retailers say the Home Depot crime wasn’t actually a “hack,” per se. In that attack, credit card info was stolen from Home Depot’s self-checkout machines in physical stores, not from the company’s computer database.

In other words, according to the spin doctors, cyber security is sound. They might admit the 2013 hack of Target was large (40 million credit card numbers stolen), or that the Sony hack of 2011 came with high costs for the company. But Sony, Target, Home Depot, and any big company watching the fallout of their hacks have cried, Never again! They’ve elevated their cyber security. They declare online retailing to be as safe as–or even safer than–shopping in a physical store.

That’s plain wrong.

In a recent segment of CBS 60 Minutes, cyber security expert Dave DeWalt says “97 percent–literally 97 percent of all companies–are getting breached.”

What a mind-blowing figure. And DeWalt should know. Target has hired his security firm, FireEye, to prevent future breaches. “Even the strongest banks in the world . . . can’t spend enough money or hire enough people to solve this problem,” he says.

Perhaps the real takeaway from the 60 Minutes piece was that “80 percent of security breaches involve weak passwords. One of the most common is: 123456.” In other words, 80 percent of the passwords now in the hands of criminals were absurdly weak to begin with. Or, rather, 80 percent of us are still using passwords the way we did in the 1990s: simplistic, easily remembered (aka, easily guessed by strangers).

DeWalt says, “The days when our username and password is our son or daughter’s name, or our cat or our dog, is not enough security to thwart today’s hackers.”

So, don’t just “change your passwords now.” Make them stronger.

My next post: Password managers, or Doing Passwords Right