Security Tip of the Week!

By Reed Hallowell | April 10, 2014

Not All Data is Created Equal 

In the ever-growing world of cyber crime, not all data is created equal, and thus not all data should be stored the same way. Data that can be converted into currency in any way is what hackers are after; we call this toxic data. According to a Forrester article, “Attackers won’t steal data they can’t sell in the market for stolen data like credit cards, credit reports, certain types of IP, and personally identifiable data.” But don’t be fooled when people tell you certain data is not important, because oftentimes it can be. Even experienced CISOs are under attack for ignoring their emails and thinking they are safe.

One thing people do, and shouldn’t, is store and share files through email without bothering to encrypt them. Hackers frequently target email to gain personal information, as well as company information that can get them a fat paycheck. Are people right not to encrypt their emails? The answer is no. There have been multiple breaches through email, most notably the Epsilon data system breach of 2011.

Forrester’s John Kindervag describes this breach perfectly, stating, “This breach demonstrated the value of stolen email addresses and the need for security and data stewardship best practices in dramatic fashion. Cyber criminals compromised a marketing database containing email addresses from more than 100 companies. The breach affected tens of millions of consumers, whose email addresses are now in the hands of potential malevolent actors. There are real fears that this breach, and others like it, will result in an increase in targeted spear phishing attacks. During a spear phishing attack, cyber criminals carefully craft emails enticing users to click on a malicious link or unwittingly download malware.”

And according to John, it’s nearly impossible to detect these phishing hacks. “It’s often difficult for even the most security-conscious users to identify these emails as malicious. For example, the security vendor RSA admitted that its highly publicized and damaging breach was the result of a phishing attack. There are some indications that cyber criminals targeted RSA in order to attack certain defense contractors that relied on RSA’s two-factor authentication methods.”

Obviously, hackers aren’t targeting every email you send or receive; they’d be quite busy if they did. But this is a great example of why everyone should be cautious about emailing anything of value, and especially why you should always be extremely cautious when opening an unknown or suspicious email. These hackers could have gotten your email directly without your knowledge, so when it comes to emails and clicking on unknown links, expect the unexpected and do your research.