Cybersecurity an Inevitable Relinquishment

Bloomberg Businessweek December 28,2020 pp8-9|Remarks|”The Hack is the Sound of Inevitability” “A massive data breach is a reminder that in all corners of cyberspace, the advantage is with the attackers” by Joshua Brustein

Image visit the website for personal and business cybersecurity tips for 2021

Read the full BBW article for all detail.

Summary of the article

Sad but true you can make it harder for cyber-attackers but ultimately you can’t eliminate unseen risks.

What solutions are available to make it harder?

Besides the usual, don't share information, select difficult passwords, change them often, get two-factor authentication, avoid phishing scams and don’t use public WIFI etc. is there anything you can do to minimize the likelihood of being hacked? Two companies that provide some options are BlackCloak and Helm. “BlackCloak offers a combination of securing passwords, (using password vaults and setting-up two-factor authentication on critical accounts), protecting physical devices (put that phone in a Faraday bag when traveling abroad), and constantly probing clients’ systems for weaknesses.” Take control over your data by “maintaining physical control over it” which is offered by Helm ( Helm “sells physical servers that individuals can use an alternative to email providers, photo-storage systems, and other services that store data on corporate servers.” This system allows access for new devices or accounts only if those asking have “physical access to the server itself.” “Doing this eliminates one way that attackers-or marketers-gain access to your personal data.” The tradeoff is you must be “the physical custodian of your digital life” and in reality “it becomes complicated, if not impossible, to opt out [of other outside services].” After all we must understand that there exists “entire industries based on gathering such data without bothering to check with you first.”

Examples of notable hacks detail the challenges for personal and business systems.

The SolarWinds (SW) had a “supply-chain attack in Spring 2020. In such a hack attackers sneak into a system by compromising a product on which it relies. ”SW with 300,000 institutions using its software was attacked when “18,000 [institutions] were exposed when they downloaded a legitimate update” from SW. As is typical of periodic software updates, this SW update among other improvements was intended to give end-users the latest protection against intrusion. Instead, the supply-chain hackers had free range for months on “victims’ networks before anyone noticed, harvesting secrets, and could also have been inserting other vulnerabilities…”. Cybersecurity experts and the U.S. government “have tied the attack to hackers affiliated with the Russian government, and its victims include the U.S. departments of Commerce, State, and Treasury, Microsoft Corp., and cybersecurity firm FireEye, Inc.” It is noted that there is “no purely technical fix to cybersecurity at the nation-state level.” “The digital landscape is far too complex…to monitor all the ways we’re exposed…determining whether your data will be used against you are completely out of your control.”

Like SW, individuals have their own supply chain vulnerabilities “over which they have some but not total control.” When you choose a product-software you put yourself at risk and the article cites the 2017 CCleaner (CC) hack when individuals became “victims [and were] compromised when they availed themselves of the official CC update. Ironically, CC is designed to “erase web cookies and otherwise bolster users’ privacy protections.” “At the time of the attack CC had been downloaded about 2 billion times.” 2013 Target Corp. hack occurred when the digital supply chain of an institution they do business with was compromised with the “perpetrators [making off] with more than 100 million credit card numbers” and other personal data.

Ultimately individual vigilance does not work as according to Dennis Hirsch (Ohio State) “’I can’t know enough to choose which credit card company is likely to spill my data because of cybersecurity, and I can’t know which company is going to analyze my data to infer my mental health status and determine my creditworthiness.”