Cybersecurity Trends in Store for 2020

Cybersecurity Trends in Store for 2020

Did you know that the first documented ransomware attack was more than 30 years ago in 1989? That was around the time when a mobile phone was called a bag phone because it sat in a big black bag in your passenger seat … and that curly cord was wound so tight it hardly let it extend to your ear. If you were lucky, you could store about 30 numbers in it. But back then, that was pretty amazing storage. Then flip phones started to make our lives easier in later years. It was pretty simple but the fact that it could actually fit in your pocket made it truly mobile. There was rarely a thought that anyone was listening in on your conversations or tracking your locations (which they probably were but the average person didn’t think doing so was devious). Boy, have times changed.

 

Attacks involving ransomware, which were originally designed to target individuals, are occurring every 14 seconds now. Shocking isn’t it. After you read this sentence, focus on how long it takes you to breathe … inhale and exhale. Your full circle breathing process is likely anywhere from six to eight seconds, which is how long hackers are trying to increase the speed of ransomware attacks by this time next year.

 

Dave Wallen discussed some of the expected 2020 cybersecurity trends in a blog last week for Security Boulevard so we all can be “better prepared against the ever-evolving nature of cyber threats.” He wrote, “With today’s pervasive use of the internet, a modern surge in cyberattacks and the benefit of hindsight, it’s easy to see how ignoring security decades ago was a massive flaw.” It’s not just the speed of the attacks that is alarming, it is the variety of them that are going to keep things interesting for 2020.

 

So what are some of the trends we will be seeing in 2020?

 

Fear will drive spending. Gartner forecasts that worldwide spending on cybersecurity is going to reach $133.7 billion in 2022. The General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) have pushed businesses and government agencies to a more sophisticated cybersecurity infrastructure than ever. Wallen noted that 76% of organizations plan to increase their cybersecurity budgets this year.

 

The cybersecurity labor market will continue to experience labor shortages. There are many reasons for this skills gap. Not only are there more cybercriminals, but there are also more places for scammers to hide with our ever-expanding reliance on technology. Also, there still needs to be a balance of expanding skills in a very specific area with teaching broad skills that can be useful across many sectors. Think of those with titles such as chief information officer (CIO) and chief information security officer (CISO) – they are currently undervalued.

 

Cloud security will require a more pragmatic approach. The assumption that our data is secure on ‘the cloud’ in applications such as Microsoft and Google will be a thing of the past. In 2019, we saw massive attacks against Office 365 and G Suite that can bypass two-factor authentification making shared accounts exceptionally vulnerable.

 

Mobile devices will become even a greater target. As the number of mobile users increases, so will the amount of business data stored in them. Wallen wrote, “It’s a compelling reason why mobiles are seen as the primary cyberattack vector in 2020.”

 

Election security will be off the charts. With over 70 elections globally planned in 2020, there will be an intense focus on the spreading of disinformation.

 

5G, the fifth-generation wireless technology, will cause an increase in loT-based (Internet of Things) attacks. There will need to be a higher level of security which many current vendors are not able to provide yet. Hackers will take advantage of this gap to “sneak in malware and steal large volumes of your SaaS data at breakneck speed.”

 

AI (Artificial Intelligence) will become even more two-faced. While the benefits of AI are countless and help to protect our security, defakes (fake videos) that can spread misinformation will become more prominent and new types of cyberattacks will result because of them.

 

Organizations will continue to see their biggest asset, their employees, become their biggest threat. As reported in Governing.com, “The problem is that now our most important information, whether it’s sales prospects or customer lists or source code … is spread across the organization and is highly portable on a thumb drive or e-mail … information is less ‘siloed.'” Their study shows that “63 percent of people admit that they took data from their last job and brought it to their current job.”

 

We will also continue to see more fake apps and shopping cart viruses, new account fraud, apps that share our data along with phishing scams (and whaling scams if you’re a high-ranking executive or banker). Identity theft will also be rampant through social media. Lastly, child identity theft will continue to rise. It is suggested that every child have a credit freeze on their file. If you would like more information about how to do so, please reach out to our Member Services team at memberservices@guardwellid.com or call 1.888.966.4827. We are here to help 24/7/365.

Founder and CEO on iHeartRadio 700WLW Podcast

Founder and CEO on iHeartRadio 700WLW Podcast

On December 5, 2019, Guard Well Identity Theft Solutions Founder and CEO, E. Allan Hilsinger, was interviewed by Rocky and Rachel on Cincinnati’s News Radio 700WLW. Topics discussed during the ten-minute segment (51:50 to 60:52) include the risk of living in a technologically advanced society, what a digital footprint is and how to reduce the risk of your data being collected and sold online.

 

Hilsinger remarked, “We all have a social security number. We are all at risk. If you haven’t already been victimized by identity theft or identity fraud, it’s going to happen. It’s a sad reality…” He stated that there are 3.5 million Google searches every minute and 4.3 billion Facebook posts every day “…all of that information is being collected and sold.”

 

What can be done to help reduce this risk? Hilsinger suggested the following in the podcast:

– Be careful about what information you put on social media. For example, remove your birthdate from your Facebook account.

– When you search online, do it privately. Don’t allow cookies if possible when looking at websites.

– Try not to share your location with Google Maps.

– Inactivate and delete any old email accounts.

– Search for your own name on Google and see what pops up. If your name is listed on People Search or People Finder, you can submit a request for them to pull your information down.

 

Hilsinger also discussed a service site called DeleteMe.Com that will facilitate users in deleting their presence on other sites and will provide information on privacy laws in multiple countries to better educate the users on their rights in relation to data privacy.

 

To listen to the full podcast, visit https://www.iheart.com/podcast/eddie-rocky-20799661/episode/rocky-and-rachel-12519-53509284/?fbclid=IwAR2zfrqzsSc8c08pB3-YOiBR6WH3k3jszEVWPJytlzSlnyvJ3qVihPD7j6c

SIM Swap Attack – the New Hijack

SIM Swap Attack – the New Hijack

Imagine no texting, no service, and no data for a minute. Yikes! Halloween or not, the lack of being able to connect is a very scary thought and it can happen to any of us due to a tiny piece of plastic called a SIM card. There is a SIM (subscriber identity module) in every mobile device and it is what connects the user to a cellular network. Unfortunately, there is a wide-spread SIM swap hack that allows a thief to hijack your cell number.

 

Also known as a port out scam, simjacking, swim swapping, and SIM splitting … this latest scam can wreak havoc in all of your accounts associated with your mobile phone number. Everyone with a cell phone is at risk of this type of takeover. The PEW Research Center, a nonpartisan organization based in Washington D.C., reported this year that 96% of Americans have a cellular device and 92% of them go online daily. Considering that there are approximately 330 million Americans, that’s a pretty large target market from a hacking standpoint. No one is immune. A number of high profile attacks have occurred via Instagram and Twitter. The website wired.com reported that Twitter CEO Jack Dorsey’s own twitter account was hacked via this method this year.

 

What is a SIM Swap?

This type of scam is an account takeover fraud. It targets a weakness in two-factor authentication and two-step verification in which the second factor (step) is either a text message or a call placed to a mobile telephone. This is achieved by the fraudster impersonating the victim using personal details to appear authentic and claiming that they have lost their phone. The victim’s phone will then lose connection to the network and the fraudster will receive all the SMS and voice calls intended for the victim. This allows them to intercept any one-time passwords sent via text or telephone calls sent to the victim, and thus to circumvent any security features of accounts (such as bank accounts, social media accounts, etc.) that rely on text messages or telephone calls.

 

Damage from a SIM swap can have a snowball effect. Since the scammer would be armed with your login credentials, not only can they steal your money, take over your email and social media accounts, but they can lock you out of them all and open up a new cellular account in your name … or buy that new phone you’ve been eyeing for months but won’t have the joy of using yourself.

 

Is a SIM swap preventable?

No. It’s impossible to completely prevent someone from gaining access to your phone number through a SIM swap due to the fact that the scam requires no misstep on your part (such as clicking on a bogus link). All the scammer needs to do is convince your carrier that they are you and to transfer your phone number to their SIM. As described by Michael Grothaus with Fast Company, “There’s nothing inherently shady with doing a SIM card swap. If you lose your phone or your SIM card is damaged, for instance, you might go to a mobile carrier store or even call up customer service to have your number transferred to a new SIM.”

 

Even though you can’t prevent a swap from happening to you, there are ways to make it more difficult for a scammer. Grothaus suggests to use an authenticator app such as Authenticator by Google, Microsoft AuthenticatorLastPass Authenticator, and 1Password. A single authenticator app can handle all your authentication codes no matter how many different accounts you use.

 

Other courses of action you can do to help prevent a swap include:

– Limit the personal information you share online. Identity thieves will find information to answer the security questions you may have set up to verify your identity. For example, if one of your security questions is, “What is my high school mascot?” and you list your high school name on your Facebook account and that information is not on a private setting, it’s not difficult for a good sleuth to figure out your mascot’s name.

– Set up a PIN for your cellular account and do not share it with anyone.

– Do not reply to calls, emails and SMS messages that could be a phishing attempt to request your personal data. Make sure to read our blog “Accidentally Clicked on a Phishing Link – Now What” to get up-to-speed on phishing scams.

 

The Federal Trade Commission offers a few tips on what to do if you suspect that you’ve been swapped:

– First, contact your cellular service provider immediately to take control of your phone number. After you re-gain access to your phone number, change your account passwords.

– Check your banking, credit card and insurance statements for unauthorized charges or changes to your profile.

– Call your identity theft resolution provider. A Guard Well Member Services team professional is always on hand for you 24 hours a day, seven days a week and every day of the year … yes, even Halloween. There are enough tricks flying around. Here’s to receiving a treat this year!

 

 

Do You Know What Alexa, Google and Siri Are Up To?

Do You Know What Alexa, Google and Siri Are Up To?

Not everyone has a smart speaker in their home or office, but most of us do have a smart phone. When setting up your device, you were likely asked whether or not you wanted to activate your assistant. Doing so doesn’t take very long … you say a few phrases when prompted so it can get to know your voice and that’s pretty much it … you officially have a virtual assistant. Have you ever wondered how your assistant actually works?

 

Virtual assistants, such as Amazon’s Alexa, Apple’s Siri and Google’s Assistant, use artificial intelligence (AI) to parse what is said or typed and then provide useful information back. Want to know something quickly without lifting a finger? Simply say a wakeword phrase such as, “Hey Siri,” or whatever your smart application is called, and ask away. You could say, “Who wrote Gone with the Wind?” or “What is 23.5 times 6?” or “Play I Can’t Get No Satisfaction.” When you talk to a smart phone or speaker, you know that your voice is being recorded and that there will be a result – sometimes it’s an answer, other times the correct action is taken or occasionally there may be an inquiry back to clarify the request. But, just as false starts happen in races, false positive recordings can be triggered by something as simple as someone zipping up their jeans because it sounds to Siri like the person’s muffled voice. If you have ever experienced Siri being accidentally activated during a time when not requested, you know that it can be a bit embarrassing … and a little unnerving.

 

If privacy is a big concern of yours, you might want to throw your smart speaker or device out the window. These instruments are indeed paying attention to us, but does this mean that they can listen and record all of the time? Amazon hopes so. A newly revealed patent application filed by the company is raising privacy concerns over an envisaged upgrade to the company’s smart speaker systems. This change would mean that, by default, the devices end up listening to and recording everything you say in their presence. The idea is similar to Apple’s live photos, where video is recorded before and after a user takes a picture. Since the application is being asked to do something for us, then we are basically acknowledging that our privacy isn’t desired at that point in time.

 

Amazon.com, Inc. employs thousands globally to help improve the Alexa digital assistant through its line of Echo speakers. Rene Ritchie explained in his latest blog (July 28, 2019) titled Why People Are Freaking Out Over Siri Privacy Right Now, that “the team listens to voice recordings captured in homes and offices. The recordings are transcribed, annotated and then fed back into the software as part of an effort to eliminate gaps in Alexa’s understanding of human speech and help it better respond to commands.” Ritchie remarked, “If Amazon does decide to use the tech in its products, it’s unclear whether customers would be able to opt out of the ‘always on’ recording.”

 

Ritchie continued on with detail about Amazon’s patent application. “While the patent application explains devices would record audio in 10 to 30 second increments and automatically delete unneeded clips, privacy experts say it is cause for concern because it demonstrates tech companies’ growing ability to surveil customers at all times and potentially misuse collected information.”

 

Let’s take a glance at another tech giant, Apple, who recently told The Guardian: “A small portion of Siri requests are analyzed to improve Siri and dictation. User requests are not associated with the user’s Apple ID. Siri responses are analyzed in secure facilities and all reviewers are under the obligation to adhere to Apple’s strict confidentiality requirements.” The company added that a very small random subset, less than 1% of daily Siri activations, are used for grading, like whether the request was intentional or a false positive that accidentally triggered Siri, or if the response was helpful. They added that those snippets used for grading are typically only a few seconds long.  But, what if those few seconds just happen to be you discussing a very private medical issue with your doctor or a very sensitive issue with a family member? How can you prevent being part of a company’s grading process? Currently, the only way to have peace of mind that a random stranger won’t listen in on your Apple device is to stop using Siri entirely.

 

Heidi Messer for The New York Times wrote that “consumers should not be so paranoid about privacy. “The right to absolute privacy no longer exists and excessive regulation of tech companies will only stifle innovation and prevent job creation.” Privacy in the digital age may not be completely deceased but it is hanging on by its fingernails. Just remember, when you agree to use these products, you’re often giving up much more than you think.