The Ides (Hacks) of March

Mar. 24, 2017 | by BioCatch

BioCatch's Vice President of Marketing Frances Zelazny has written this blog post as a follow-up to last week’s blog on tax scams and the consumer perspective. 

In early March 2017, WikiLeaks released the largest leak of CIA documents in history. The documents, composed of thousands of pages, provided a look at the various tools they employ. One of the revelations coming from the leak is the ability the CIA possesses to hack into computers, smartphones and Internet-connected TVs. The documents also cover instructions for compromising PDF documents, antivirus programs, Wi-Fi networks and online calling services such as Skype. Yesterday, WikiLeaks released another set of documents, called Dark Matter, which talks about the ability to go after Apple Firmware.

While the average individual or company may not have any concern about being spied on by the CIA, the fact that the archive contained hundreds of millions of lines of computer code has many industry experts worried about who may benefit from having access to this trove of hacking tools.

The concerns are valid. Besides the CIA news, we have also learned this month that a number of money managers and financial firms were victims of an email phishing campaign against employees tasked with filing 10-Ks and other documents with the SEC. The scheme apparently involved emails alleging to be from the SEC sent to filers whose names were on previous 10-Ks with a link to an updated 10-K form; the link instead would download malware that could obtain confidential information from the filer's employer.

And last week, current and former employees of a federal contractor were informed that all the data from their annual W-2 tax forms — including name, Social Security Number, address, compensation, tax withholding amounts — were snared by a targeted spear-phishing email.

National Cyber Security Alliance Summit

On Monday, March 13, the National Cyber Security Alliance held a summit in New York City to discuss how enterprises should address these pressing issues. The event was attended by more than 130 government, industry and non-profit executives, including BioCatch. One of the main themes of the summit was "a growing understanding that cybersecurity is an enterprise-wide issue – touching legal, reputational, operational and regulatory risks," while at the same time recognizing that "senior executives face complex challenges balancing business decisions and cybersecurity without a full understanding of how to strategically manage enterprise-wide cybersecurity risks and effectively communicate those risks to employees."

However, much of the panel commentary and side discussions centered around how the consumer can and should protect themselves.  There was widespread acknowledgment of the human element, and how we are all vulnerable and in a moment of distraction, can very well click on a link that installs malware on our machines.  According to some reports, malware has grown approximately 400 percent over the last 5 years, so it is going somewhere, and no one is immune.

The Human Element

Behavioral Biometrics can help protect consumers from fraudA Pew Research Center study released on Wednesday highlighted the magnitude of the problem at the consumer level. In their survey of 13 questions testing cybersecurity knowledge, the typical respondent answered only 5 correct; 20% of the respondents answered more than 8 correct, and only 1% answered all the questions correctly. Looking over the questions, that is probably not too surprising.

What is surprising, is that despite all the high-profile hacks and news swirling around IRS scams, ransomware and other cyber risks, most businesses and government agencies continue to employ antiquated security techniques that the hackers have clearly figured out how to exploit, while consumers are left holding the bag.

The early adopters of the latest generation technology, like behavioral biometrics, have reaped its benefits. They are employing continuous authentication techniques to verify the integrity of a session after the login to protect against remote access takeover and social engineering attacks, and save consumers from significant amounts of fraud every day. Other solutions that provide real-time threat detection and containment will also help enterprises build resilience and protect consumers from identity theft and fraud.

We do not find it acceptable to live in a neighborhood that is crime-infested, yet it seems different rules apply online.  It is time for consumers to demand action from their providers – public and private sector. If we operate under the assumption that our information is already out there, we need to focus on how to know if someone is using that information and stop them.

Topics: Fraud, Cybersecurity, Malware