011 – Cyber-Hacking: Is your Identity Safe?

Show Notes

Our special guest “Andy” is going to guide us through his story, the top hacks that are out there and the top things you can do to stay safe in this ever-increasingly digital world.

“Andy” started his career in the Army and over the next 12 years moved through responsibilities that increased his exposure to the tactics needed for the type of chess-game that he plays today with some of the world’s largest businesses. Today he specializes in consulting cyber-security, money laundering, and fraud. As we go through this episode and you realize that you need a guy like him, I couldn’t put his contact information in here (even though it is just a front for his real email address) but just email me and I will give him your information to connect ([email protected]).

Here are some things you might need to know about cybersecurity that you should know. First, we always talk about Red Teams and Blue Teams and we are really talking about the internal defensive team (Blue Team) and the offensive forces that try to gain access( Red Team).

Security is not just getting remote access to your accounts, for guys like Andy, it can be just trying to walk into a company and swipe a laptop that already has access. This is a type of physical cyber terrorism. 

Right now we are seeing a huge increase in these Nation-State hackers from nations like Russia and China. Here are some of the biggest hacks that are out there that you should know about. 

Starwood Hotels – Started 4 years before anyone found out. The Russians and Nigerians started it and CHina ended up taking 500,000,000 records including passport information and locations of stay for anyone including US dignitaries. 

Target – $162MM in charges are made against patrons credit cards after hackers hacked a single store register while fronting as AC repairmen. 

Yahoo – 3,000,000,000 records were stolen reducing their valuation by $350,000,000. 

eBay – Admen level credentials were stolen from 3 employees giving the hackers direct access to the database for 229 days without detection in 2017. 

Uber – Programmers at Uber put Amazon Web Services credentials in GitHub which is a hosted software for keeping information. Uber pays $100,000 to have the hackers “destroy” the information which resulted in a devaluation of the company of $200,000,000.

Adult Friend Finder & Ashley Madison – These sites for finding sex outside of your relationship were hacked and instead of selling information, they were doing it. for more ethical reasons releasing the names instead exposing hundreds of government work email addresses in the process. 

Heartland Payment Systems – Gonzolez is sentenced to 20 years in prison for misuse of a computer. 

That raises the question as to what are the top ways that these hacks happen:

1. Social Engineering – The act of presenting one’s self as a positive actor in order to gain access. 
2. Spearfishing – We have all heard of that email from the Nigerian Price that just wants to give us some money. Those phishing schemes are as old as the internet. But Spearphishing is a new more targeted approach to these old tactics. These are specific and deliberate attacks on specific individuals and not just a wide net. 
3. Insider Threat – Someone from the inside that is going to sell your information to outsiders.

What are the things that small businesses should be doing today to mitigate the risk of getting hacked? Outsource your security to people who do that every day.