BY PAUL FARKAS, TECH DIRECTOR
We live in a world where cyber threats are all around us in our business, personal and family lives. It is essential to gain knowledge, build better habits and get protection from third-party safeguard solutions. We found a recent industry panel session hosted by Chubb, "Becoming Cyber Smart at Home, Work and Wherever Life Takes You," to be super-informative and recommend looking at these topics, themes and steps to get your digital lives in top shape!
The panel comprised cyber industry experts from Chubb, ADT, Carnegie Mellon University and CyberScout, and outlined a range of cyber threats facing individuals and small businesses in today's connected world. It described real-life examples and anecdotes in bite-size answers, and offered some best practices for individuals and businesses for keeping their personal information safe against some of today's biggest cyber risks.
The session delivered an insightful discussion about cybersecurity and its impact on our personal and professional lives by demystifying cyberthreats as well as highlighting practical protections that can be implemented by anyone.
Patrick Thielen, Senior Vice President, Cyber and Technology Product Lead in North America for Chubb, led the panel discussion. “To frame the risk facing consumers, global economic costs of cybercrime are rising into the trillions of dollars annually, and a large portion of that falls squarely on the shoulders of consumers. Since 2005, there have been over 8000 reported data breaches of businesses, in which over ten billion consumer records have been stolen. As of today, 64% of American adults have been victimized by at least one of these breaches and most multiple times... The average email user today has over 130 online accounts and we have more and more internet connected devices in our homes. It is not surprising that according to the 2018 Chubb Cyber Survey focusing specifically on individuals, 86% report being concerned about a cyber breach, yet only a small percentage were taking basic precautions to guard against them.”
In fact, 8 in 10 people experience or know someone affected by cybercrime, per the US results of the 2017 Norton Cyber Security Insights Report cited in the session. Incredibly, a referenced study by the James A. Clark School of Engineering at the University of Maryland found cyber attacks to be happening every 39 seconds.
Summer Craze Fowler, Technical Director of Cybersecurity Risk and Resilience at Carnegie Mellon, is responsible for a team and portfolio of work focused on improving the security and resilience of the nation's critical infrastructure and assets. “Businesses of all sizes are targets for these data breaches as they hold so much information and data, not only about consumers, but also about their employees,” she noted. “Typically when we think about these data breaches, we think about credit card fraud, but it has extended well beyond... we’re looking at lately W-2 fraud and health insurance fraud,” she said, raising that W-2 phishing is up 870%, with tax returns being filed on behalf of employees and the funds diverted to the bad actors. “Your health insurance information can be used by others getting care and pretending to be you.”
The session was well-supported by studies and figures. 27% of data breaches in 2017 were medical or healthcare related per the claims data from the Identity Theft Resource Center. A whopping 24% of all Chubb cyber claims are healthcare related.
Adam Levin, Chairman and Founder of CyberScout and author of the critically acclaimed book, Swiped: How to Protect Yourself in a World Full of Scammers, Phishers and Identity Thieves, made some excellent points for businesses and consumers to note and act upon. “The reality with the ID theft problem... is this data can use you as the credentialed person to get into your business network, where they can put malware on the computers of your business; they can steal information involving W-2s; create situations where they do wire transfer fraud; they can steal intellectual property and trade secrets. It isn’t you for you, but as a conduit of all of the other things. The biggest thing they do is phishing attacks, they do drive-by attacks, they find ways to get malware on your computer and do keystroke attacks, ransomware and then they also get into information about kids.” He shared some appalling scenarios, like child-related identity theft, where the scheme can run as long as 15-17 years because kids’ credit isn’t often checked, and where the perpetrator is oftentimes a relative in the home, setting up a separate life right under their nose across the table.
Michael Keen, Vice President, ADT Cybersecurity, chimed in, “[a]n additional threat vector is the home network, like a home router... there are countless folks that have the same passwords or administrative access to those devices and the same firmware when the device was issued. Compared to all of the threats out there, you have to look at what’s keeping against threats created yesterday to protect us today. And so the motivation of criminals that attack the home has also extended to the Internet of Things (IOT) devices. In 2017, the average number of internet-connected devices connected to the home was around 13... talking about (connected) light bulb, a thermostat, a lock, a baby camera, a refrigerator, television, and in terms of motivation, frankly it pays.” He added, “Cybercriminals will always take the path of least resistance” and gave low-cost IOT devices as an example, where the ability to put additional layers of security, firmware updates and testing is nowhere near that of physical security installed by professionals. “The strength of your network is dependent on the weakest devices in your network. It is either focused on things like denial of service attacks or can even be used to mine cryptocurrency using your network’s power to mine Bitcoin.”
Indeed, studies show costly ransomware is on the rise. Per the Symantec 2018 Internet Security Threat Report (ISTR), the average cost of ransomware per attack is $533.
Ms. Fowler continued by pointing to the fact that people need to be practicing good cyber hygiene. “Oftentimes we are offering up the information, like internet quizzes where the data we put online is used for nefarious purposes. Phishing, vishing (voice), smishing (SMS) are prevalent and even videos on online dating sites are also being used for ransomware.”
“Unfortunately we are not going to be able to prevent this anymore,” Mr. Levin regrettably noted. “We have hundreds of millions of social security numbers out there due to breaches for many years. Cyberwar has replaced the cold war that we face-off every day against state-sponsored hackers, for-profit hackers, cause hackers and basement hackers. We have to adopt an entirely new paradigm as to how we think about it.” Mr. Levin has coined and developed the 3M’s for the industry: “we boil it down to three M's -- minimize, monitor and manage,” said Mr. Levin. “It is about minimizing your risk of exposure through adopting best practices, monitoring your accounts effectively and comprehensively, and managing any damage, such as ID theft or stolen accounts that might occur.” He elaborated that it was about “minimizing the risk of exposure or reducing your attackable surface; effectively monitoring, and planning for and monitoring the damage.” He said, “it’s not about the technology, it is about creating and following a culture and following it for businesses and consumers.” Some solid advice Mr. Levin gave included: using strong passwords or getting a password manager; enabling two-factor authentication; creatively changing memorable answers to security questions; staying away from public wi-fi and using a VPN for better protection; updating and backing up your data; shredding; freezing credit; changing default passwords of IOT devices; checking and being mindful of credit scores and signing up for transactional monitoring alerts; thinking of more sophisticated monitoring programs; and reviewing health insurers' explanations of benefits for multiple charges due to fraud.