Aggregated Data In The Hands of The Hacker
Is Allowing Hackers to Become You…
Yesterday I presented to business leaders in Santa Clara California, and the Santa Clara Marriott Hotel…I was surprised, but not so surprised, at how few of our attendees had recently performed risk assessments. Many of them had never had an actual risk assessment!
In our session we covered a number of evolving trends – one important one is the trend of aggregated data and deep machine learning. If you remember the recent report from Verne Harnish – the emails used to steal over $400,000 sounded like they came right from Verne’s desk. How does that happen?
We’re all being watched. Our data is being both monitored and collected. It’s being aggregated and analyzed.
Our data describes everything about us. Where we go, what we do, what we view online, where we eat and shop, and everything we write. This data is stored, aggregated, sold, and stolen…in the hands of the wrong people, it can be disastrous.
Using deep machine learning computers create an amazingly accurate profile, exposing things we would never share openly. For instance, who has posted their salary on Facebook? Probably no one – yet Facebook advertising can easily target and audience in a specific income range. How does it know?
With the right data, just about anyone can become you online.
That means they’re sending email, giving directives, and even interfacing with your customers and suppliers. But don’t think for a minute that they’re helping you out. In Verne’s case they were ordering Accounts Payable to wire $400,000. His team had no way of checking the validity of this request – other than making a call. But given hundreds of request just like this, who would question it?
Several attendees came up after the session sharing similar stories in their own businesses. In the end, our sponsor, Truman Roe, President of TruTechnical offered each attendee a risk assessment. From my count, every company in attendance took him up on the offer! This is the best place to start…with a clear measurement of risk, companies can be more confident in how they approach their security strategy.
© 2016, David Stelzl