Data Breaches That Will Haunt You

Data Breaches That Will Haunt You

This year has been filled with some of the biggest data breaches in history, which is a truly horrific thought.

Halloween is a ghoulish time of year. AMC’s Fearfest is in full swing, Hollywood’s latest terror-inducing features open in theatres, and parties like “A Nightmare on Queen Street” and “Halloween Freakout” are organized. While Jason, Chucky, and Freddy were the nightmares of our childhood, these shriek coaxing monsters seem almost cuddly compared to the shackles of our identity, personal information, and credit rating. Whether you were a Boomer, horrified by Psycho and Rosemary’s Baby; A Gen X’er, terrified by The Shining and A Nightmare on Elm Street; or A Millennial kept up by Scream and Saw, none of those could have prepared you for the horrors of the modern data breach.

 

This year has been filled with some of the biggest data breaches in history, which is a truly horrific thought. It’s a nightmare for everyone involved, and it feels like we’re living in a horror movie. Maybe it’s more than a feeling, maybe we are living in a horror movie. If that’s the case, then tying these breaches back to common horror tropes (from TVTropes.org) should be relatively easy.

 

The Ominously Open Door
The open door, lurking just down the corridor is a common scene in movies, but, in horror movies, it always comes with a jump-scare. That door at the far end of the room is just slightly ajar but we all know it should be closed. Our protagonist approaches the door, the music intensifies, she pushes the door open and we all jump as we get a full view of the monster. Repeat after me, ‘Nothing good ever comes of open doors.’  This same trope can be applied to the Verizon breach in July. An open AWS S3 bucket contained data on somewhere between 6 and 14 million customers. It’s a reasonable assumption that this open “door” scared the Verizon customers whose data was leaked. Much like slasher films, where the same story is told dozens of times, this method of gaining access is not unique. Open AWS S3 buckets also led to the loss of 1.3 million student records from data warehousing company Schoolzilla and more than 9,400 resumes from applicants to the security firm TigerSwan.

 

Anyone Can Die

You never know who is next in the movies. It could be any character at any time. Not only people but animals are also a possibility, so you have to expect the unexpected. Whether you have one scene with no lines or appear in the entire movie with a 15-minute monologue, no one is safe. Just as you think that the last of the heroes will make it out of the haunted house, a glint of an axe on the camera reminds you, “No One Is Safe!” The same is true in the data breach world, just ask the victims of the Edmodo breach. The data of 77 million users was exposed, which is considered to be the largest breach of K-12 student data in history. Data breaches don’t just impact adults, everyone’s data is fair game to malicious actors.

 

Absurdly Ineffective Barricade

We’ve all seen this. Running from the monster, our hero ducks into a room and slams the door. He wedges a small chair under the door handle and breathes a sign of relief. Moments later, the door and chair fly across the room as the monster smashes its way in. The more applicable instance, however, is the bumbling band of misfits that pile every item in the room against the door, step back, proud of their accomplishment, only to turn around and see the monster enter the open door at the opposite end of the room. You can have all the security you want in place, but one opening anywhere is enough for our horror movie villain – and hackers – to get in. Take Equifax, for example, where a single overlooked vulnerability resulted in the exposure of the personal data of 143 million people and more lost sleep than the entire Nightmare on Elm Street franchise.

 

The Calls Are Coming from Inside the House

From 1979’s ‘When a Stranger Calls’ to Drew Barrymore’s iconic opening scene in Scream (1996), this is a well-known and oft-used trope. In the days of cell phones, this doesn’t quite have the same scare factor but many of us remember how scary the idea of picking up the phone and finding out someone was calling from inside the house was. In the days following the release of Scream, babysitters were more vigilant than ever before. While not tied to a specific media worthy breach, the risk from insiders permeates enterprises. According to Verizon’s “2017 Data Breach Investigations Report” more than 14% of breaches involved insiders or privilege misuse. That number is frighteningly high.

 

Camp Unsafe Isn’t Safe Anymore

Relax! We’re safe here… at least until we aren’t. You find a room, you take refuge, knowing that the movie’s killer can’t catch you here and then, suddenly, someone realizes that he can. It was never safe, even when you thought it was. This feels like an overarching theme in the security world. Vulnerabilities always exist, even before they are discovered and every safeguard we make is ultimately flawed in some way. This year, we saw multiple breaches where the aftermath involved MD5 hashes of user passwords being released. This involved both 715K members of PoliceOne, a LEO community, and 700K members of DaFont.com, a font sharing website. MD5 was never really safe, it just took many years for someone to say “Hey, this doesn’t feel very safe,” and many more before anyone demonstrated just how unsafe. At least in the movies, our protagonists know to run when this is said but, in this case, these sites continued on with the broken and insecure hashing algorithms.

 

So, maybe we are living in a horror movie, maybe nightmares are haunting us every day. Statistics for the first half of 2017 put the breach count at 5 breaches daily[1]. If you aren’t scared, you should be. Unlike horror movies, we can’t turn on the lights at the end of the show and remind ourselves that it’s a work of fiction. This is real life and the numbers are scarier than anything Hollywood has ever dreamed up.

Featured

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

  • Access Control Technology

    As we move swiftly toward the end of 2024, the security industry is looking at the trends in play, what might be on the horizon, and how they will impact business opportunities and projections. Read Now

Featured Cybersecurity

Webinars

New Products

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities 3

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation. 3