Is Your Employee an Unwitting Trojan Horse?

November 30, 2017 by

We are painfully aware of the breach at Equifax in July that has exposed over 143 million people to hackers. These intruders may be looking at your name, address, social security number, and credit card data as you read this.

Worried?

No one is too smart to fail

The 16 biggest data breaches of the 21st century touched some of the key Internet businesses.

Notably:

  • RSA Security, the security giant,
  • VeriSign, provider of digital certificates of authenticity,
  • Anthem, holder of millions of records of protected health information,
  • and, of course, Equifax.

No business is immune from attacks.

The Identity Theft Resource Center (ITRC) reports an alarming rise in Hacking/Skimming/Phishing:

Data breach incidents by type of occurrence [Source: ITRC report on 2016 Data Breaches]

Naturally, the more chances attackers have, the more breaches occur.

The real question is, how secure is YOUR data? There may be several threats to your data security, but one of them may surprise you: your own employees.

No, they don’t mean any harm. But they still may be bringing in the attackers through open gates past your security wall.

The culprit? Wearables: the connected devices they wear to work. Apple Watch, Fitbit, and the like are useful and fashionable. But they are also great tools for hackers to penetrate your security walls.

Wearables in the workplace—a liability?

What problems do wearables cause? Consider some examples.

  • Some of the wearables store data within the device in plain text, with no encryption—a hacker’s paradise!
  • Wearables communicate using Wi-Fi and Bluetooth. All such communication is subject to eavesdropping. Wearables are worn everywhere, including public places. Hackers have easy opportunities to gain confidential information.

These examples just scratch the surface. As new wearables emerge, so do security issues associated with them.

If you thought the Equifax breach was alarming, think about the new landscape. Use of wearables like smart watches and smart jackets is just beginning to explode. Hackers would have a field day with them.

Does this mean wearables are pure evil?

Are wearables all bad?

It would be a great disservice to dismiss wearables as pure troublemakers. They gain traction in society precisely due to the many benefits they offer, such as:

  • Monitoring personal health. Wearables can monitor the wearer’s vitals and take prompt action. They can avert workplace accidents through early detection of such medical issues.
  • Tracking wearer’s radiation exposure. These specialized wearables can be a life saver in work environments where this is a concern.
  • Augmenting hearing. Hearables like Nuheara IQbuds can augment hearing in noisy locations. These are, in essence, computers in the ear. Some other hearables incorporate real-time language translation.
  • Helping data security. Wearables may lend themselves to detecting abnormal behavior of other devices. This can trigger remedial steps to enhance data security.

Wearables and security

A recent study points to a troubling situation. There is a 73% chance of a catastrophic data breach at any business in the next two years. But only 30% of the companies are concerned about it.

An analysis of a breach at Anthem shows how unprepared companies are.

The good news is that companies can keep the damage from these intrusions under control. They just need to prepare for it.

The power of layering

Anthem’s breach may illustrate a common scenario in security breaches. A single failure is rarely the cause of a breach. It takes multiple failures in the security scheme.

A key strategy for better security is to construct multiple layers of security, each robust in its own right but designed so that an intruder needs to break through all of them to get at sensitive data.

As an example, let's say you have three layers of protection, each with a 10% chance of break-in. If the layers fail independently of one another, stacking them drops the probability of break-in to 0.1 × 0.1 × 0.1 = 0.001, or 0.1%!

Protection of data also involves better detection of intrusions. Prompt detection will enable prompt remedial actions. This may prevent an actual data breach before the intruder breaks the next layer of defense.

No security scheme can be 100% effective. But if you pay enough attention to build robust layers, you keep intruders at bay. If you build enough such layers, the problem becomes small. It becomes a reasonable cost of doing business.

No employee would then need to worry about being a Trojan Horse.
