Threat Level Thursday: Cybercriminals Are Gaining the Upper Hand
This week's Threat Level Thursday brings pretty much nothing but bad news for anyone connected to the web. For starters, recent data shows that cybercriminals are gaining the edge and that healthcare IT security is worse than retailers'. Then there's the increased White House involvement in cybersecurity affairs, thanks to the escalating stakes involved and the increasing number of large online companies that have experienced security breaches. Let's get started.
Almost Half of Americans Have Experienced Cyber Crime
A CNN Money report, released with help of the Ponemon Institute Wednesday, revealed that 47 percent of American adults have been victims of digital identity theft. According to the report, 110 million Americans suffered cyber theft of a "name, debit or credit card, email, phone number, birthday, password, security questions and physical address."
"It's becoming more acute," said Ponemon Institute head Larry Ponemon. "If you're not a data breach victim, you're not paying attention."
Cybercriminals vs. Corporations
It's not just consumers that were affected -- companies are reporting that cybercriminals are gaining the upper hand in the arms race for digital data. Consulting firm PwC, along with agencies including the U.S. Secret Service, also released a cybersecurity study on Wednesday showing that corporate executives have come to fear cybercrime as one of the biggest threats to business.
"Cyber criminals evolve their tactics very rapidly, and the repercussions of cybercrime are overwhelming for any single organization to combat alone," said David Burg, PwC's Global and U.S. Advisory Cybersecurity Leader.
"It's imperative that private and public organizations collaborate to combat cybercrime and gain intelligence about security threats and how to respond to them. A united response will prove to be an indispensable tool in advancing the state of cybersecurity."
The White House Can Only Do So Much
The looming threat of cyber breaches has everyone worried -- all the way up to the highest level of government. Following the indictment of five Chinese military officials for perpetuating industrial espionage against U.S. companies, White House Cybersecurity Coordinator Michael Daniel cleared up just how much the government can do against such incidents.
"Now, this doesn't mean that we don't have more work to do to secure our critical systems and information throughout the country. Nor does it mean that we can stop working to ensure that regulations as written are clear, streamlined, and harmonized," Daniel wrote.
"It does mean that agencies with regulatory authority have determined that existing regulatory requirements, when complemented with strong voluntary partnerships, are capable of mitigating cyber risks to those systems."
Translation: There's only so much the government can do, without the cooperation of the private sector, in order to protect consumers.
Healthcare Less Secure Than Retail
Oh, and let's not forget that, according to a new report by BitSight Security Ratings, the healthcare and pharmaceutical industry apparently are worse than retailers when it comes to cybersecurity — retailers like Target, the company that infamously ignored warnings and allowed the personal information of over 100 million customers to slip directly from their point of sale machines into the hands of criminal hackers.
Even Trusted Technology Being Breached More Often
This week, even seasoned, trusted, and certainly tech-savvy companies like Apple fell victim to hackers. Apple users in Australia were hit by a massive late-night hack that took control of their iPhones, iPads, and even reportedly some Mac computers. Some attacks have since been reported in New Zealand, the U.S., and Canada. The hacker, going under the moniker "Oleg Pliss," demanded that users send him between $50 and $100 to reactivate their devices - though for users that had previously set a four-digit pin code on their mobile Apple products, all they had to do was unlock their iPhones themselves.
To be fair, Apple itself didn't fall victim to the hack: the company released a statement saying that its iCloud service was not compromised, and implicitly held users responsible for using the same username and password across multiple sites and services. The prevailing theory now is that the cybercriminal(s) gained access to Apple ID information through phishing scams.
This hack attack comes a week after eBay, another long-running technological company that we've all come to trust, announced that hackers had compromised a database containing encrypted passwords, birthdates, mailing addresses, and other (non-financial) personal information from about 145 million user accounts - making it the second-largest data breach in U.S. history. After asking users to reset their passwords, on Monday this week a 19-year-old college student from England published details of a second security flaw that he found and told eBay about. This one could allow hackers to hijack eBay accounts. Great. Luckily eBay got to work to patch this vulnerability and thanked the young whitehat hacker for alerting them.
Spotify this week also joined the "we've been hacked" chorus when it announced on Tuesday that it, too, had "become aware of some unauthorized access" to their systems and internal company data. However, the company was only aware of one user's data being accessed.
So while it asked some users to re-enter their username and password to log in — and promised to security-upgrade the Spotify Android app post haste — the danger from this hack seems minimal. Especially compared to every other piece of bad cybersecurity news from the past week.
For more stories like this, follow us on Twitter!
Subscribe to Latin Post!
Sign up for our free newsletter for the Latest coverage!