Delving into week 9 brings the
stark reminder that no one: no company, no organization, be it private or
government, profitable or non-profit, no one is exempt from a cyber attack, no
one is ever 100% secure from a cyber attack. While we laud the rapid pace of
technological advances, and the comfort they bring us (I’m writing this blog
while working from home today, so I don’t want to be too hypocritical), the
problem is that this same technology is misused tremendously by cyber
attackers. Despite the increasing wave of data breaches over the past few years
at companies like Home Depot, Chase Bank, and Experian, it seems like
companies are not doing their best to keep their data (and our data) as safe as
possible. Just a few days ago Twitter announced that a bug in their system
may have exposed user passwords internally. While the company quickly said that
no breach occurred, and must be commended for coming out publicly very quickly,
the fact remains that this information was available to hackers for a period of
time, so Twitter can never be 100% sure that the compromised data was not
acquired by attackers! I am leery that Twitter’s own internal investigation showed
no signs of a breach or misuse; let’s get an independent auditor to confirm
Twitter’s findings! Read more about it here: https://www.trendmicro.com/vinfo/us/security/news/online-privacy/change-your-passwords-twitter-bug-exposes-user-passwords.

The Twitter accounts’ compromise
and the other data breaches are a reminder to all users, personal or corporate, of
the need to practice good security measures on social media accounts. At the top
of the security list is creating and using strong passwords that follow
complexity rules. If your password is easy to guess or remember, it is more
likely to be an easy target for hackers. Also, always check your security and
privacy settings. Don’t use the system default settings. Adjust the default
settings as much as necessary so you can protect your personal information.

Every time I hear about a new
technology or device being introduced, I get a little fearful. Take Amazon’s virtual
assistant, Alexa, for example. Amazon has made several Alexa-enabled devices,
and other manufacturers are building Alexa into many types of devices like
phones and thermostats. I thought to myself: great; now let’s see what
hackers will do with it! Just two weeks ago, an article on the Trend Micro
website stated that Alexa can be programmed to eavesdrop on its users and
transcribe the information, which gives hackers great potential to steal private
information. As far as most (if not all) users understand it, the Alexa digital
assistant is supposed to end the active session until prompted for another active
session. However, it seems attackers can prompt Alexa to believe it has
informed the user that the device is still actively listening, and can
transcribe and send the information to the programmers. Read more about it at https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/alexa-can-listen-indefinitely-potentially-exploited-to-transcribe-information-to-cybercriminals.

The need for education of users in
the area of cyber security and general security measures remains strong. People
must understand that they are responsible for maintaining the security on their
products, and should not rely entirely on vendors and manufacturers. While
manufacturers may identify vulnerabilities and provide patches and system
updates, it is still the user’s responsibility to actually download these firmware
and software updates. Good security practices, like using strong passwords, not
using the same passwords on different accounts, and changing passwords
regularly should be followed. Operating systems and browsers should always be
kept up-to-date with regard to patches and security updates. And make sure to
keep regular backups of data; this comes in useful if an attacker targets and
corrupts your data – a backup can save you time, money, and a lot of headaches.