This content is produced by
MOST POPULAR ON BOSTONGLOBE.COM
Based on what you've read recently, you might be interested in these stories
This article is a part of BG BrandLab’s Cybersecurity Special Report, meant to provide insights about today’s cyberthreats and the steps readers can take—as individuals, employees, and decision-makers—to protect against them.
“Why would anyone hack me?,” is the reflexive response of those considering enhanced cyber-protection measures with Tom Kellermann, chief cybersecurity officer of Carbon Black, a leading provider of next-generation endpoint security solutions, including its Endpoint Detection and Response (EDR) tool used by well over half of the world’s cybercrime and cyber-espionage investigations.
“Even if you’re not processing payments or a company that seems like it should be hacked—you put out a press release about your latest customer or partnership and that’s why you’ll be hacked,” Kellermann explains. “Your relationship with another party deemed worthy of elite hacker interest attracts their attention to you. Just consider the most powerful people whose emails or phone numbers you have in your contacts list.”
While earlier cybercrime could be compared to a heist, we are now finding ourselves in a hostage situation. According to Kellermann, “Hackers are now trying to colonize infrastructure, not just for the benefit of themselves, but understanding full well that the brand of that business or the digital brand of that individual can be used to attack those who trust it.”
Bad actors masked as reputable or friendly sources are granted access all too easily to our private digital lives. Kellermann invokes the phrase Pax Mafiosa to describe the emerging coordination between the Russian government and more sophisticated cyber-criminals, whereby hackers are being encouraged to create backdoors into American businesses, government agencies, and personal devices in exchange for protection from Western law enforcement.
Dangers cloaked as friendly interactions
Intruders are donning the mask of familiarity to gain entry into our personal digital worlds. “Consumer-targeted attacks are designed to feel local,” warns Taylor Lehmann, chief information security officer at athenahealth in Boston. “So, you have to be skeptical when you receive phone calls, emails, and messages from numbers that don’t look quite right or are unexpected.”
Lehmann notes robo-dials, extortion, and online fraud often have a local feel. For example, in Boston you might get an email with the subject line, “Click here to win four tickets to the Patriots football game,” or receive calls from a (617) area code. The most sophisticated scams are “meant to look like they are coming from your neighbor,” he says.
Connected devices’ inherent risk factors
Our trust in the benign nature of Internet of Things (IoT) consumer technology may also be jeopardizing our personal privacy. According to data assembled by the market research firm Parks Associates and sponsored by cloud and software provider Calix, 71% of US broadband households own a connected entertainment device. Adoption of smart speakers in the US almost doubled from 66.7 million devices in December 2017, to 118.5 million a year later, based on findings from NPR & Edison Research.
Mike Pinch, director of threat management at Security Risk Advisors believes the rise of virtual assistants and voice recognition devices is the current biggest risk to Americans’ privacy. “In most cases, they are constantly listening to your conversations, in some cases even recording in order to be able to instantly respond to your requests.”
To counter the surveillance practices that are inherent in these services, Pinch advises configuring the devices with more stringent privacy settings.
Lehmann urges Americans to contemplate the implications of connected products before inviting them into their personal lives. “Products that require a network connection almost always need it so they can send data about your use or your person to the manufacturer for various purposes,” he explains. “Many products you may not expect, like thermostats, wireless speakers, even robotic vacuums are processing tons of data and sending that data to places you may not be aware of.”
While most of us are not software engineers, Lehmann stresses that we all have the right and responsibility to ask basic questions of these products like, “Why are these devices connecting to a network to function?”— and of ourselves, like, “Am I okay with how they are using my data?”
Asking questions of the companies we trust
Another risk factor is trusting blindly in the services we depend upon to protect our identity and
personal finances. This can lead to an unhealthy complacence, which is dangerous. Instead, ask companies what they are doing to protect your data. And, if your bank or credit card company offers real-time notifications, take advantage, suggests Alan Brill, senior managing director and founder of Cyber Risk at Kroll, a division of Duff and Phelps.
Personal security basics
“Hackers are sweeping the web and preying on the weakest people,” reminds Marc van Zadelhoff, COO of LogMeIn and provider of password management and identity solution LastPass, with over a decade of experience leading IBM Security. Similar to the adage of outrunning the bear in the forest, Van Zadelhoff cautions that those with the strongest password protections will stay ahead of others whose passwords are most susceptible to hackers.
People should also protect their devices by using the latest operating system and running the latest antivirus and malware software on your laptop, explains Samuel Sanders Visner, director of the National Cybersecurity Federally Funded Research Center at the MITRE Corporation. MITRE’s federally funded research and development centers support the US government in exploring new ways to use technology to confront emerging issues.
People should also think twice before logging on to public wi-fi, and stay alert if they do. In Visner’s estimation, our communal tendency to share what he describes as our “pattern of life” on social media introduces unprecedented risks as well. Sharing images and details of your personal life may provide clues cybercriminals can use to guess your passwords, and posting about your career, and the network access implied by your role, could attract malicious interest.
“If you tell people a lot online about your responsibilities at work, including your rights as a system administrator in a network, that can make you a target for people who want to get into a network and manipulate it,” says Visner.
Sponsored by Studio/B
The biggest cybersecurity risks threatening Boston-area businesses right now
Practical tips for protecting your business from cyberthreats
The future of cybersecurity: The good, the bad, and the scary
Defending the vote from threats old and new
Why Boston is a cybersecurity hotbed
This content was produced by Boston Globe Media's
BG BrandLab. The news and
editorial departments of The Boston Globe had no role in its production or display.