How we got here: hacking gets real in 2021 | Dowling

From the Tallahassee Democrat

I was chatting with the Tallahassee Chamber of Commerce the other day about their upcoming conference at Amelia Island in August and a panel they invited me to be on at their summer conference.

The topic is technology threats like the ones that impacted Colonial, CNA and SolarWinds, which have dominated the headlines this year. They asked me what we should call the panel and I said, CYBER IN-SECURITY. Zing! Not too shabby if I do say so myself, and it really fits the narrative too.

You can have every cyber tool available to fight hackers, and your intern could still answer the phone and give a hacker your network credentials, or go buy a stack of gift cards after receiving a text claiming to be from you, or you could click an email and cripple your organization in the blink of an eye.

Hacking first became a thing in 1971 with John Draper, who learned to “steal” long-distance calls by developing a blue box that mimicked the tones needed. Then in the 1980s our culture was hit by the film WarGames and everyone became infatuated with hackers.

My older cousins thought they were quasi hackers, as we were always trying to upload the latest games from the phone, I guess. Remember Castle Wolfenstein and Ultima, all games on the Apple IIe? Amazing times. These same cousins also tricked me into floating on a raft in the pool in my suit before church. Let’s just say it did not end well for me or their autographed Houston Oilers football. Moving on.

By the 1990s things really evolved: something called the World Wide Web came on the scene, and hacking would never ever be the same again. Nor would anything else. Can you even remember what life was like before Uber, Spotify, Instagram, Venmo, Google, Netflix? What a time to be alive, someone very smart said once.

Since that time we have spent decades making ourselves available on the internet, with websites that have our contact information and social media sites like LinkedIn showing everywhere we have worked and who we have worked with.

Twitter feeds show the projects we work on; Facebook pages show what we do and what our interests are. Hackers have turned this against us, and they have turned (among other tools) one of the most common communication platforms, email, into an easy-to-use threat delivery system for email embedded with ransomware.

This is what took the Colonial Pipeline down: someone in their organization, it is alleged, clicked on an email and it froze the company, and the domino effect caused people to literally lose their minds here in the capital city. I hope everyone with gas and trash bags full of gas (yes, people really do that) is happy.

Ransomware is one of the most common threats delivered by email, and the email that arrives could appear to be a voicemail, a resume, a shipping confirmation or a password reset. You have to be suspicious, first, of all emails. That is the mindset you must have to protect yourself. Cyber tools can only do so much; some threats will get through.

Then there are passwords. Remember the massive breaches of Adobe (2013), Equifax (2017) and LinkedIn (2012), where millions and millions of pieces of private info like passwords were stolen? We forget about these situations, and those passwords go up for sale on the dark web. Guess what: if you still use them, hackers can get into your iTunes, Spotify, Venmo or Facebook pages. It is not just stolen passwords that are the problem; as you know, bad passwords can take you down as well.

The massive SolarWinds breach, affecting our government in a big way, all started with a password: SolarWinds123. Yes, people still do this, and someone reading this has a similar password: Nole123, Tally123, etc. Please change them; it is your front line of defense.

Hackers are everywhere, and they don’t even really need to have any hacking skills like John Draper had in ’71. Now you can just buy a ransomware toolkit on the dark web for 100 bucks and you are in business.

When CNA got ransomware this summer they paid out $40 million; when Colonial got it they paid out $5 million. Remember when Ronald Reagan was president and his thing was “we do not negotiate with terrorists?” We need to get back to it, as more and more criminals are getting in the game, since it is certainly less risky than robbing a bank.

Until we start recognizing the threats, deploying more defensive tools (two-factor authentication, advanced endpoint protection, etc.), and stop paying the ransoms, you can expect our cyber in-security to continue to grow.

Blake Dowling is CEO of Aegis Business Technologies, the host of the Biz & Tech Podcast, the author of the book, Professionally Distanced and he writes for several organizations. He can be reached at