Breach Fatigue: Don’t Be a Victim


 

In recent weeks, the largest bank in the United States, JP Morgan Chase & Co., has fallen victim to cybercriminals.

Last Thursday, JP Morgan disclosed that hackers had obtained information belonging to its customers. This included personal information such as names, addresses, phone numbers, and e-mail addresses from over 76 million households and 7 million small businesses.

Scary, right?

One would think.

In a recent Washington Post article, “Data breach fatigue follows two cyber intrusions,” author Sarah Halzack shares insight into how consumers are not as worried about data breaches as they should be. A growing number of consumers ignore notifications of potential data theft. In addition, the majority of these consumers did not stop doing business with companies that have been hit by cybercriminals.

Consumers need to overcome this breach fatigue, and here’s why:

With 579 data breaches just this year, cybercriminals are on the rise. With crucial information such as passwords or credit card numbers, cybercriminals may have direct access to one’s financial accounts. Although this is not the case for JP Morgan, identity theft can lead to many more opportunities for attack. In “Your JPMorgan account got hacked. Now what?”, author Danielle Douglas-Gabriel shares her concern that although the JPMorgan hackers do not possess any “critical” information from its users (i.e. passwords, user IDs or credit card numbers), consumers still need to be aware. All a hacker needs is a user’s email address to gain access to so much more. With one’s email address in hand, a hacker can create authentic-looking emails from banks asking for more critical customer information. And in the blink of an eye, your identity is stolen.

So, are you protected?

As the age of the Internet and mobile devices is upon us, one needs to be proactive in securing their identity. There are many different types of breaches and many different solutions that help protect against those breaches.

One way to protect yourself from phishing emails is to never share sensitive data online. For more great tips on preventing phishing scams, check out Lisa Eadicicco’s article, “How to Avoid Phishing: 8 Tips to Protecting Your Digital Identity.”

Another way to prevent a possible cybercriminal attack is by using a 2-factor authentication solution. It adds a second layer of protection: more than merely a password is necessary to gain access to one’s account.

So, as we inch closer and closer to a completely virtual world, consumers need to be aware of breach fatigue, the consequences it has in store, and how to overcome it.

 

http://www.pressherald.com/2014/10/07/data-breach-fatigue-follows-2-cyber-intrusions/

http://www.washingtonpost.com/news/get-there/wp/2014/10/03/your-jpmorgan-account-got-hacked-now-what/

http://scamicide.com

 

 

 

UPS Hacked!


“It was the best of times, it was the worst of times.”

 

This famous quote from Charles Dickens’ classic novel, A Tale of Two Cities, gives insight into how two forces, like good and evil, are equal rivals contending for survival. The same goes for the world of cyber security. We have a world of information, convenience, and entertainment at our fingertips, and yet, in that world, there are dangers, including the possibility of having valuable information stolen.

 

In Alex Rogers’s time.com article, “UPS: We’ve Been Hacked,” Rogers reports on the newest breach at UPS. “The United Parcel Service announced Wednesday that customers’ credit and debit card information at 51 franchises in 24 states may have been compromised.” Rogers continues, “The malware began to infiltrate the system as early as January 20, but the majority of the attacks began after March 26.” Even though the breach was wide ranging, UPS gave assurance that on August 11 the threat was resolved.

 

UPS issued a public statement, “The customer information that may have been exposed includes names, postal addresses, email addresses and payment card information. Not all of this information may have been exposed for each customer. Based on the current assessment, The UPS Store has no evidence of fraud arising from this incident.” UPS went on to say that it is safe to shop at all of the UPS branches.

 

As fiction continually tells us in prose and verse, good and evil will always be at odds with each other, just as Dickens foreshadows in A Tale of Two Cities. So what can we do about it? Well, our job is twofold. We need to be sure to follow Password Best Practices (PBP) and petition the applications and companies that we use on a daily basis to start supporting Two-factor.

 

Password Best Practices

 

Password Best Practices (PBP) are the easiest way to strengthen login security for the applications and portals that give access to private information. PBP gives practical advice on how to strengthen your password, how often to change your password, what not to do with your password, and much more. By enforcing and educating users on PBP, you are on your way to achieving stronger passwords and making logins more secure. Penn State has done a great job outlining the Password Best Practices on their site. The article is a great resource and reminder of what we should be doing with our passwords.

 

What You Can Do About Two-factor Authentication

 

You may ask yourself what you can do to ensure that private and personal information is protected with two-factor. There are two things that one can do. First, if you have the sway and influence, there are identity management providers that provide usable two-factor, protecting against network attacks. Secondly, if you are only a user and have no influence in the IT Department, there is a great site that contains a Two-factor Authentication list. From this list you can send a direct request to those that are not currently supporting Two-factor Authentication. The list is a great way to see if your favorite applications and websites are doing their part in protecting your personal information from network attacks worldwide.

 

Even though we seem to be living in a constant state of “the best of times, it was the worst of times,” we can do our best to fight against the evil of stolen identities by educating ourselves on Password Best Practices and petitioning companies to support Two-factor Authentication.

The IT Professional vs. The Deadly Data Breach


 

The Deadly Data Breach

We know it well, the Deadly Data Breach! So many people have felt the effects of a data breach, and so many companies are scrambling to protect the personal information they have on file. I am sure data breaches are on the minds of every IT professional that has kept up with the most recent breaches. No one goes unscathed by The Deadly Breach: P.F. Chang’s, Goodwill, Home Depot, and numerous schools.

Home Depot’s recent data breach reaches all the way back to April first of this year. In Steven Weisman’s blog article, “Important Home Depot Update,” Weisman reports that “along with the credit card numbers and debit card numbers, the hackers also are selling the state and zip code for the particular cards. This enables the hackers to defeat some fraud detection programs that pick up charges made from areas far from the home of the card holder.” This just covers up the fraud and keeps agencies from discovering a security breach sooner. The Deadly Data Breaches just keep getting more deadly!

 

The Cost of The Deadly Data Breach

The cost of the deadly data breach doesn’t stop at the yearly budget meeting. There are many different costs when a breach strikes: the cost of private information, the cost of an organization’s reputation, and the actual monetary cost. Target’s data breach has cost them $148 million so far, and having more stores than Target, Home Depot will most likely exceed that number. At this moment in time, I do not envy the IT Professional and truly feel for them; thankfully, there are some great resources for IT Professionals. For example, Liisa Thomas’s book, Thomas on Data Breach: A Practical Guide to Handling Data Breach Notifications Worldwide, is a great resource for the IT Professional contending with The Deadly Data Breach.

 

What Can Anyone Do?

There are many things that both the IT Professionals and the end users may do to proactively protect themselves from having their identity stolen. In reference to the Home Depot breach, Weisman gives practical tips on protecting yourself from identity theft. Weisman’s blog Scamicide is a great resource on daily technical news and practical tips to protect against hacktivists.

 

  • Password Best Practices: These are a great place for the IT Professional to start in their fight against the Deadly Data Breach. Password Best Practices are common sense protocols for passwords and a great place to start creating a healthy password environment for your organization. Penn State has a great article on Password Best Practices that I found very helpful.

 

  • Speak Up: For the end user, there is a great website that was featured in the NYTimes that has a list of applications supporting two-factor authentication. The end user is also able to send a request to their favorite website/application requesting that they support two-factor.

 

 

We are in an age where logins are a part of life and the gateway to private and confidential data. As the tsunami of data breaches continues to destroy and damage the cyber world, it is time to look towards stronger authentication to reduce the impact on organizations worldwide.

 

 

http://scamicide.com/2014/09/11/scam-of-the-day-september-11-2014-important-home-depot-update/

You Have a Case of Identity Theft!

Identity Theft

It’s the hot topic in the news, blogs, books, and more: identity theft and security! We are all susceptible to identity theft, from the individual user to the largest corporation.

 

Author Steve Weisman has been speaking on Identity Security for years, including on his blog Scamicide and in his books The Truth About Avoiding Scams and Identity Theft Alert: 10 Rules You Must Follow. The most recent breach, at Community Health Systems, is one that Weisman covers in his blog entry Community Health Systems and the Chinese hacker. By now we all know the characters in the story: hackers want sensitive data, companies have budgets and time constraints, and users want usability. In his blog post, “Community Health Systems Data Breach Update”, Weisman wisely states, “It has been said that the price of liberty is eternal vigilance and that is also important in maintaining your own personal security. People who did not change their passwords following the Heartbleed security flaw first being uncovered should take this as a wake up call to do so now.” I concur!

 

(read on to learn how you can make a difference)

 

Weisman goes on to give some great examples on how to protect credit and to watch for fraud. But we all know that that is not where the story ends. Weisman states the grim truth that “it is not unusual for hackings and data breaches to remain undiscovered for significant periods of time.  This data breach may be the first major data breach connected to Community Health Systems, but it is most likely not going to be the last.” Sadly, he is most likely correct.

 

Organizations and companies need to transition to stronger authentication; one way they can do this is with a usable authentication solution. Why usable? Well, let’s not forget one of the main characters in this story, the user. Users want usability when it comes to identity security and logging into their accounts, and there are many solutions that are rising to the occasion to provide both security and usability to organizations. PortalGuard is one solution that brings usable Two-factor Authentication to the table with printable OTPs, SMS, and PassiveKey.

 

So there is no doubt that security needs to be increased and usability cannot be forgotten, but what can you do as an individual to increase authentication security within the organizations that you use on a daily basis? Well, I am glad you asked. I just happen to have the perfect site that was promoted on newyorktimes.com in Ron Lieber’s article A Two-step Plan to Stop Hackers. Twofactorauth.org allows you to send a tweet requesting that organizations and apps that are housing your personal information support two-factor. (you may now cheer and applaud) Find out if your favorite app is using Two-factor or take it into your own hands to tell them to support Two-factor.

 

Weisman ends his blog post reminding us that “you are only as safe as the places that hold your personal information and some of them have poor security.” How true that is, and how slow many are at implementing the necessary steps to secure our personal and private data. In conclusion, you really have two choices as a user.

 

Cut out all technology from your life and keep your savings under your mattress

OR

Make smart identity choices and request that those that are housing your personal information implement a usable, two-factor solution.

More Compromised Students and Faculty


Recently, there was yet another security breach at a college campus. This time the victim was Butler University, where a hacker accessed over 160,000 records for current and past students and faculty. The information stolen was the typical pertinent information that is stolen in this type of breach: names, Social Security numbers, dates of birth, and bank account information.

The announcement of this breach stems from an identity theft investigation by California law enforcement. The perpetrator that was caught possessed a flash drive that contained all of the data stolen from Butler University. Through the work of a third party investigator, it was uncovered that the information was stolen by remote hackers who accessed the University’s network between November 2013 and May 2014.

When will all of this craziness stop and people take security seriously?

I find it interesting that there is not more of an outcry from the general public to make sure that organizations are protecting their information. It used to be that colleges and universities were less likely to get attacked, since students typically do not have any credit in general. However, this year we have seen breaches at two other colleges in the spring and a high school earlier this summer.

There are schools, like Dalton State College and Clermont Northeastern School District, that have taken a serious look at this problem and addressed it by partnering with PortalGuard to deploy a two-factor authentication solution. By adding a two-factor authentication solution to their environment, they are able to ensure that the end-user is who they claim to be and not an imposter or hacker. This type of authentication can also deter man-in-the-middle attacks.

 

Violated Database: Montana Department of Public Health and Human Services


Your car has been broken into, yet nothing was stolen. Nothing was stolen, so no big deal, right? WRONG! You would still feel violated, creeped out, and concerned about it happening again. The Montana Health Department has experienced a similar data breach.

 

On May 15th, Montana’s Department of Public Health and Human Services (DPHHS) officials noticed out-of-the-ordinary activity. After further investigation, DPHHS confirmed that a server had been breached by hackers, and according to Alison Diana’s article Montana Health Department Hacked, DPHHS is notifying “1.3 million people of the incident” and assuring them that their information will be protected. Diana continues by stating, “there is no evidence this information was used inappropriately – or even accessed.”

 

At the moment, DPHHS is ensuring that a stronger security solution will be put in place to prevent such attacks from happening again, and extra measures are being taken to ensure that no citizen information is compromised. There is a help line that DPHHS has on their website with information for potentially affected patients.

 

Diana continues in her article on the increase in attacks on healthcare databases: “many healthcare breaches have historically resulted from employee carelessness or error, hackers are increasingly attracted to this industry’s rich stash of personal data — including Social Security numbers, credit card information, and addresses — and personal health information.” With all this private information being housed within a healthcare database, it is imperative that a stronger authentication solution be put in place, along with educating employees on Password Best Practices (PBP). Many IT professionals are turning to PortalGuard for Healthcare for stronger security and increased usability for their corporation.

 

 

http://www.informationweek.com/healthcare/security-and-privacy/montana-health-department-hacked/d/d-id/1278872

Young Hacker Infiltrates High School Database

We live in a world with multiple cyber threats, many coming from aliases in countries we have never been to. Within the United States, we have our fair share of hackers that cause major problems and steal sensitive data. It is sad and eye-opening when it happens at the high school level.

 

Recently, a 16-year-old boy gained access to a school database that held personal information like grades and attendance. By gaining access to this database, the student was able to change multiple attendance records and grades.

 

According to Ashley Carmen’s SC Magazine article, “Orange Public School district staff and authorities believe the student accessed the computer system through a teacher’s login credentials . . ., however, they aren’t sure of how he obtained access to the teacher’s password.” With the privacy and safety of students being top priority over the last decade or so, it is surprising that many K-12 schools have not deployed a second factor for account logins for both students and faculty.

 

With this account hacking comes “multiple counts of second-degree computer theft for unlawfully accessing and altering data and one count of hindering apprehension,” according to Carmen. This case is going to be handled in Family Court.

 

As K-12 schools begin to invest in identity solutions, many are turning to PortalGuard for education, giving them stronger security and increased usability.

 

 

http://www.scmagazine.com/new-jersey-teen-charged-after-altering-students-grades-and-attendance-records/article/358103/

From Hacktivist to Cybersleuth

Hacker Gone Hero

 

It’s just like something out of the movies: criminal mastermind gets caught, turns from his wicked ways, and eventually unveils a piece of the criminal mastermind world to help out the good guys. There is something intriguing in being able to see into the criminal mastermind and get a behind-the-scenes look at the secret life of these hacktivists. In the hacktivists’ world, there is a network of secret groups and ominous aliases that threaten to breach and expose a multitude of private and personal data.

 

In August 2011, Hector Xavier Monsegur, also known by his hacker alias “Sabu,” pled guilty to numerous charges relating to multiple hacktivist actions. Monsegur then proceeded to help reveal the true identities behind the aliases responsible for stolen identities and jeopardized corporations. According to The Daily Dot article LulzSec hacker-informant ‘Sabu’ set free, “After agreeing to help the FBI ‘immediately’ after they busted him in his home on June 7, 2011, according to court documents, he proved extremely helpful to their investigations.” With Monsegur turned cybersleuth, FBI officials were able to prevent many major cyber attacks from taking place.

 

Monsegur is also the foster parent of two kids, and this factor was what drove Monsegur’s quick response of pleading guilty and cooperating fully with the FBI. According to USAToday, his attorneys stated “It was not a difficult choice for him. [. . .] his family came first.” Monsegur and his family are currently being relocated for safety purposes.

 

 

http://www.usatoday.com/story/money/business/2014/06/16/computer-hacker-sabu-monsegur-took-risks/9731443/

 

http://www.dailydot.com/news/sabu-hector-xavier-monsegur-fbi-antisec-anonymous-sentenced/