Broken Car Dashboard

The big one: Protecting good users in a hackable world

GamblingThis article in New York magazine about a hypothetical “Big Hack” in NYC sometime in the near possible future transports the reader into what is an entirely plausible and nightmare scenario reflecting our current state of near nudity when it comes to our digital security. In a description that evokes scenes from Stephen King’s 1980s cult classic, “Maximum Overdrive,” writer Reeves Wiedeman weaves a terrifying narrative. Vehicles are hacked into, causing seemingly random crashes, municipal utilities go down, and hospitals find their medical records inaccessible.

While hacks like this might be a nightmare, let’s back up a little. In order for this entirely plausible hack to occur, first there were malware, Ransomware, intrusions, and lurking. Each instance of potential hacking in the article stems from a real-life example that has occurred in the past several years. A cyber attack on a fictional hospital, for instance, is inspired by a Los Angeles hospital that paid about $17,000 to Russian hackers to get back into their system. Tales of malware and Ransomware attacks are interwoven with blocked elevators and city office buildings brought to a standstill in an almost apocalyptic cyber attack.

This cautionary tale underscores a key aspect of data breaches – they don’t exist in a vacuum. There is a ripple effect when a breach occurs, one that can have far-reaching consequences. The attacks often happen after the breach.

Sure, usernames and passwords can be changed, and juicy targets (like banks, e-trailers, govs and healthcare) are beginning to understand that every little bit of information is prized for the identity lever the fraudster can pull later on with account based attacks.

Bits of data pilfered in breaches can sit dormant for months or years until more data gets stolen and combined into “identity bundles.” These bundles are sold on the Dark Web – the more complete the information, the more valuable the bundle and the more potential for identity fraud in the future.

Look at the recent LinkedIn breach, for instance. We’re already seeing stories about the secondary compromises being blamed on the LinkedIn breach. It’s obvious that traditional security measures aren’t sufficient for today’s world, let alone the future.

This is exactly why behavioral biometrics and analysis are so needed, and so successful. Truly verifying the authentic user is the only way to protect sensitive information. With this information in place, companies have the tools to identify whether a user is the genuine user or not. As a result, that stolen data can be rendered useless – and who’s going to want to take the time and energy to orchestrate a breach when there’s no payoff?

Although Wiedeman’s story is fictional, it’s not at all far-fetched. We’ve seen what can happen, and fraudsters are only going to become more tenacious. Fortunately, there’s still time for us to protect ourselves before a crisis occurs. It’s time we put a stop to the fraudsters by devaluing the sensitive information they’re pursuing and render their “prize” worthless.

Want to read more posts like this? See our full blog here.