Facebook misses Crisis 101 basics in the latest data breach scandal.
By Bill Turner, LPC
It all began when it came to light recently that Cambridge Analytica, a political data firm hired by President Trump’s 2016 election campaign, had gained access to private information on more than 50 million Facebook users. The firm claims to offer tools to identify personalities of Americans and influence their behavior. Its clients have ranged from Mastercard to the New York Yankees to the Joint Chiefs of Staff.
According to the New York Times, the data collected from Facebook included details on users’ identities, friend networks and “likes.” Facebook has said that “no passwords” or sensitive information was taken.
Facebook is insisting that the Cambridge incident was not a data breach because the platform routinely allows researchers to access user data for academic purposes. Facebook users consent to this when they open an account. Instead, Facebook maintains that Cambridge crossed the line and broke the rules when they provided the information to a political consulting firm.
… Read the full article.
By Tom Meehan, CFI
LP Magazine’s columnist Tom Meehan, CFI, shares his top five predictions for cyber risks retailers can expect in 2018:
1. Ransomware attacks will increase in 2018 and will become more sophisticated. Ransomware has been more prevalent in the past two years. In the first quarter of 2017 alone, these attacks went up by more than 250 percent. Ransomware is a type of malicious software designed to block access to computer files by encryption. A hacker will demand a sum of money to be paid to get your files back.
2. Attacks in both digital and physical worlds will become more serious. In the United States, we are increasingly likely to experience our first large-scale attack on critical infrastructure, designed to disrupt government and the private sector. In 2017, there were several large-scale airport, airline and utility company outages that were made possible by errors and outdated systems. In 2018, we can expect more of this…. Read the full article.
By a Loss Prevention Media Contributor
Security issues were a top concern for many organizations during 2017, with Russian hackers, high-impact ransomware attacks, and major data breaches dominating the headlines. As retailers prepare for the challenges of the new year, it might be a good idea to think about possible risks and security failures that are likely to arise in 2018. Luckily, the Chertoff Group, a risk management and security advisory firm, has recently released its predictions for the top six security risks in 2018. Adam Isles, principal at The Chertoff Group, shared his thoughts:
Expansion of Internet of Things as a Threat Vector – Millions of unsecure, Internet-enabled devices provide new threat vectors. Given the rapid proliferation of Internet of Things devices in advance of IoT-oriented security standards and configuration practices, expect these devices to be increasingly used as weapons for DDoS and other attacks…. Read the full article.
By Bill Turner, LPC
You may have heard of Frank Abagnale. You definitely have if you read the article he wrote for the March/April 2003 issue of LP Magazine—or if you saw the 2002 movie Catch Me If You Can, starring Leonardo DiCaprio and Tom Hanks.
Abagnale was one of the most successful “pre-internet” con men. He was a master of identity theft, an impersonator, and a check forger. He escaped from authorities twice before he was 21 years old and later served time in prison, although it was fewer than five years. He went on to work for the federal government, teaching them crime-fighting techniques, and is now a successful consultant and lecturer.
Abagnale committed all his crimes the old-fashioned way—manually, and without the aid of the world wide web.
Fast forward to today. The world is vastly different than the one Frank Abagnale grew up in. Today, master scammers rely heavily on the internet to aid in their crimes. Many of their schemes are basic and easy to identify—if you know where to look…. Read the full article.
Attacks using social engineering techniques can come up in a number of loss prevention assignments.
By Tom Meehan, CFI
When you think of hacking, breaches, or cyber security, what do you think of? Probably software or technology. We often forget the human side. But humans continue to play a big role.
In fact, more than half of breaches and cyber-security events start with a human error or social engineering techniques. Many are a combination of both.
So what exactly is social engineering? It is the manipulation of people into performing actions or divulging confidential information. It is a confidence (con, for short) trick for information gathering, fraud, or system access. And while it is like a con, it differs from a traditional con in that it is often one of many steps in a more complex fraud scheme. Wikipedia says, “While the term social engineering is not directly related to computers, information security, or traditional security professionals, most recently it has become a major part of our industry.”… Read the full article.