Wednesday, May 23, 2018

Web Secret 520: Cybersecurity - part 2

This is part 2 of a 5 part series on cybersecurity.

We are vulnerable to cyber-attacks for a variety of reasons:
  • As early as 1994, experts called for a national information infrastructure. That hasn’t happened.
  • Much of the USA’s most sensitive information is not encrypted. How comforting.
  • A recently enacted 2017 Trump law allows your internet service provider (AKA FIOS et al) to sell your metadata without your permission.
  • When companies upgrade their websites, they upgrade their security but old webpages still exist and are vulnerable to hacking. One expert said, “We have 20 years of vulnerable websites.”
  • Two-factor authentication was devised in the 70s but has only recently begun to gain traction. In other words, we have technology to foil attacks, but decision makers are slow to deploy it, and people are even slower to adopt it. Two-factor authentication is an extra layer of security, also known as "multi factor authentication." It requires not only a password and username but also something that only the user has on them, i.e. a piece of information only they should know, for example the answer to questions like "What is the name of your first pet?" or "What is your dream vacation spot?"
  • In an April article titled “Failed by Facebook, We’ll Return to the Scene of the Crime. We Always Do.”, the New York Times reported how even when a company is hacked, or fails to protect our privacy, we go right back to using it.

    “The reality is that when it comes to privacy, the trade-off has already been made: We decided long ago to give away our personal information in exchange for free content and the ability to interact seamlessly with others… After just about every big privacy hack over the past decade, people quickly returned to the scene of the crime, using the same store or online site that had been compromised.”

    During the Forum, one expert pointed out how even the most egregious lapse will result in only a brief downtick in a company’s stock market performance.
  • We are fighting a 21st-century crime with outdated approaches. The attack vectors multiply and the preparedness of end users is very low.
  • In the 21st century, US armed forces do not manufacture the weapons they need; they subcontract with private enterprise. Similarly, US apps, software, and hardware are in the hands of the Apples, Microsofts and Googles of this world. The US government turns to these companies to police themselves.
  • Cyber-security is not primarily a technical challenge but rather a social/political problem. An educational problem. A legal problem. A policy problem.
It is concerning that several Yale Forum experts stated that there needs to be “carnage” for the country and its citizens to pay attention to cybersecurity, meaning that one or more people need to die as a result of a hack for the public to demand that attention be paid. One expert even wondered if we need a “grand carnage moment” to make it happen.

Along that line, some of us during a lunch break wondered when a person’s medical history will be hacked causing them serious injury, even death. Would we even know if it happened? So far hospital records have only been hacked by ransomware.

What happens next?

To be continued next week...
