The Herman Trend Alert
January 21, 2014
Digital Doomsday Coming?
Having heard about the hacking of personal bank records from numerous sites, including Home Depot, JP Morgan Chase, and Target, one could not fail to be concerned. Even the website Snapchat was the victim of a cyber attack. All told, over the past 12 months, hackers have stolen more than 500 million financial records. We are very vulnerable.
Already Engaged in Cyber-Warfare
"We are not just in a position to prepare for cyber-war", says Curtis Levinson, defense advisor to NATO, "We are already here." We are already under attack and the enemy is stealing our "most precious assets". As the methods and tools of warfare have changed, so have the battlefields.
What will it take for the cyber world to end? Cyber-attack, electric grid failure, EMP attack? "In our multiverse of network interconnections, Cyber Attack has become the unifying common factor of virtually all elements in our contemporary society," adds Levinson.
Cyber Attack is Unavoidable
In fact, it would seem that as a technological society, we must accept that we are being and will be attacked constantly within cyber-space. Levinson believes that cyber attack is "unavoidable". And once we accept the inevitability of attack, "the process and concepts of continuity and recovery becomes increasingly critical."
Levinson sees that what's coming is actually "the merging of continuity/recovery with cyber security". He urges that we must change "our cyber-security paradigm" and insists that we not only maintain a strong perimeter defense but also ensure that "we protect the data, information and command/control inside our networks".
Moving from Reactive to Proactive
What we require is "a paradigm shift from Reactive, not to Proactive, but rather to the state of Constant Incident Response," warns Levinson. We need to follow the lead of the Australian Signals Directorate, Australia's equivalent of the National Security Agency in the United States. There are four cyber mitigation strategies that could reduce the potential for cyber-attack at the Organization level by approximately 60 percent:
1. Application White Listing: Everything is prohibited except that which is specifically permitted.
2. Patching All Systems and Networks: They must be absolutely current/up-to-date. If patches are not possible, compensating controls must be implemented.
3. Restricting Administrative Privilege and performing extended background investigations on those personnel who have administrative privilege(s).
4. Implementing a Defense in Depth Strategy of different security layers and segmentation, including VPNs, V-LANs, application-level firewalls and strong cryptography, to ensure that there is no single point of failure and/or single direct path into the system. Our definition of Defense-in-Depth must be expanded to include the network core as well as perimeter systems.
Levinson also offers 21 personal mitigation strategies that, when implemented correctly, will greatly reduce the potential for cyber-attack at home:
1. Make sure you install anti-virus, anti-spyware, malware and adware detection software from a reputable vendor on your computer and keep it up to date. This will protect your computer from known viruses, malware and adware.
2. Make sure your banking site (URL) starts with https://, not http://. The "S" indicates a secure transaction using a different method of communication than standard internet traffic.
3. Never use a link to reach your financial institution's website; emails and search engine links should not be trusted. Type your bank's website address into the Internet browser's address bar every time.
4. Know what your financial institution's website looks like and what questions are asked to verify your identity. Some attacks, known as man-in-the-middle attacks, will change the login page. These changes allow the attacker to see your answers and to add additional security questions. When you log in, the information is transmitted to the attacker and to your financial institution, logging you into your bank's website, while also giving your attacker all of your account information. A vigilant user can sometimes spot these attacks by noticing slight modifications to the bank's standard page: extra security questions, poor grammar, misspellings, a fuzzy or older bank logo or a change to the location of each feature.
5. Be extremely suspicious of emails purporting to be from your financial institution or a governmental agency. Financial institutions should never contact you via email to request you to verify information. If you believe the contact may be legitimate, do NOT use the link provided in the email, instead type in the link to your financial institution in the Internet browser's address bar or contact your financial institution at a phone number you know is valid.
6. If you use a credit card to shop online, use only one credit card with a low limit. Choose a credit card with an online purchase protection plan if possible and monitor the activity on the card as often as possible.
7. Avoid using check or debit cards for online transactions.
8. Always lock or shut off your computer when you leave it unattended. Set your computer to automatically lock after a set period of inactivity (e.g., 15 minutes).
9. Do not allow your computer to save your login names and passwords.
10. Use a strong password; at least 10 characters combining upper case and lower case letters, numbers and symbols.
11. Never access your financial institution's website from a public computer at a hotel, library, or public wireless access point.
12. Properly log out of all financial institution websites and close the browser window. Simply closing the active window may not be enough.
13. When you are finished with your computer, turn it off or disconnect it from the Internet by unplugging the modem or Ethernet/DSL cable.
14. Do not open emails from untrusted sources or suspicious emails from trusted sources.
15. Do not visit untrusted websites or follow links provided by untrusted sources.
16. Do not use the same computer for financial transactions that children or "non-savvy" Internet users use for regular Internet access.
17. Do not use the login or password for your financial institution on any other website or software. Do not write it down. However, do change it frequently.
18. Do not post your personal information on the web. Your high school, maiden name, date of birth, first car, first school, youngest sibling's name, mother's full name, father's full name, best friend's name, etc. are the answers to many security questions on financial websites. When you post this information, you are making it easier for criminals to gain access to your financial information.
19. Check with your financial institution about enabling "Alerts" and other security measures that may be available.
20. If possible, set up accounts that are not accessed through the Internet and use those for long-term savings. Move money between those accounts and active accounts via the phone or in-person visits.
21. Immediately report any suspicious activity in your accounts. There is a limited recovery window and a rapid response may prevent additional losses.
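As an added illustration of tips 2, 3 and 5 above (this is not code from the newsletter or from Levinson's report), the following Python function checks a URL before it is used to reach a financial institution: the scheme must be https, the hostname must exactly match one of the institution's known hostnames rather than merely contain it, and lures such as user@host prefixes or odd ports are flagged. The bank hostnames are constructed placeholders.

```python
"""Added example: check a URL against personal tips 2, 3 and 5 before
using it to reach a financial institution. Not part of the original
article; the allow-list below is a constructed placeholder."""
from urllib.parse import urlsplit

# Constructed sample allow-list: the exact hostnames you would type
# into the address bar yourself (tip 3).
KNOWN_BANK_HOSTS = {"online.examplebank.com", "www.examplebank.com"}


def check_bank_url(url: str, known_hosts=KNOWN_BANK_HOSTS) -> list:
    """Return a list of problems found; an empty list means the URL passes."""
    problems = []
    parts = urlsplit(url.strip())

    # Tip 2: the scheme must be https, not http (or missing altogether).
    if parts.scheme.lower() != "https":
        problems.append(f"scheme is {parts.scheme or 'missing'!r}, not https")

    # Anything before '@' is treated as credentials, not as the host; a
    # lure such as https://online.examplebank.com@evil.test goes elsewhere.
    if parts.username is not None or parts.password is not None:
        problems.append("URL carries user:password@ before the hostname")

    # Tips 3 and 5: the host must be exactly a known one. A substring test
    # would wrongly accept online.examplebank.com.evil.test.
    host = (parts.hostname or "").lower().rstrip(".")
    if host not in known_hosts:
        problems.append(f"host {host!r} is not one of the known bank hosts")

    # A non-standard port on a bank login page is another warning sign.
    if parts.port not in (None, 443):
        problems.append(f"unexpected port {parts.port}")

    return problems


if __name__ == "__main__":
    for candidate in ("https://online.examplebank.com/login",
                      "http://online.examplebank.com/login",
                      "https://online.examplebank.com.evil.test/login",
                      "https://online.examplebank.com@evil.test/login"):
        print(candidate, "->", check_bank_url(candidate) or "OK")
```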
Our forecast is that, if they have not already, enlightened organizations will follow this advice and become proactive. In addition, the field of cyber security will have the most global growth of any career field for the foreseeable future. The shortfall in candidates has been felt for years; however, as we move into the future, having the right people in this department will be a matter of survival.
Special thanks are due to Curtis Levinson, CDP, CISSP-CAP, MBCP, CCSK, a private consultant and defense advisor to NATO and author of ISACA 14 Digital Doomsday. To read the entire report, visit https://www.isaca.org/Education/Conferences/Documents/NAISRM/ISRM-Digital-Doomsday.pdf
© Copyright 1998- by The Herman Group, Inc. -- reproduction for publication is encouraged, with the following attribution: From "The Herman Trend Alert," by Joyce Gioia, Strategic Business Futurist. 1.336.210.3548 or https://hermangroup.com. To sign up, visit https://HermanTrendAlert.com. The Herman Trend Alert is a trademark of The Herman Group, Inc.
To read this Herman Trend Alert on the web: https://hermangroup.com/alert/archive_3-29-2023.html.
Herman Trend Alerts are produced by the Herman Group, strategic business futurists, Certified Management Consultants, authors, and professional speakers.