Here’s a way to illustrate the difference between a billion and a million, using time: A million seconds is 12 days. A billion seconds is 31 years. Perhaps that will help some understand figures by IT Governance that claimed globally, some 2.3 billion records (medical, data, etc.) were breached over just the month of February 2021. Data breaches have moved from major to ‘everyday’ events. Data loss prevention (DLP) isn’t keeping pace. As TechCrunch noted in July, “It’s painfully clear that existing data loss prevention (DLP) tools are struggling to deal with the data sprawl, ubiquitous cloud services, device diversity and human behaviors that constitute our virtual world. Conventional DLP solutions are built on a castle-and-moat framework in which data centers and cloud platforms are the castles holding sensitive data … Unfortunately, these historical security boundaries are becoming increasingly ambiguous and somewhat irrelevant as bots, APIs and collaboration tools become the primary conduits for sharing and exchanging data.”
The average computer user sits down each day and enters a digital world with unfounded confidence that their firewalls and anti-virus software are effective countermeasures against data loss, malware, phishing, or scams. The reality is quite different: firewalls are now easily ‘jumped over’ or ‘plowed through.’ Anti-viral software that finds attacks after the fact is equally pointless. What’s needed is something proactive to find and neutralize cyber security threats. This is why all web users should immediately begin using a “safe browser” every time they’re online. Such browser extensions use machine-learning (AI) algorithms – as well as a large community of members – to constantly upgrade and update info on pages and sites, blacklisting dangerous ones and informing you immediately as you browse. Additionally, a safe browser blocks pop-ups – which are increasingly being used as vectors for cyberattacks – and provides protection from malware that can lead to data or identity theft.
A company or organization has plenty of reasons to be proactive in protecting data. Most firms are now storing data on cloud systems and must find ways of securing it. They might hold personally identifiable information (PII) and there are laws with penalties if such data is breached. Other companies could be guardians of intellectual property, which if stolen, could be detrimental. With an explosion in remote working, employees are accessing company data from their own devices, potentially opening many more doors into sensitive systems. The big players mostly know they have a problem and have begun a dialogue on how to best respond.
Data theft, however, isn’t restricted to companies and organizations. Stories about a hit on a big target might get most of the headlines, but cybercriminals don’t only go for the big fish. A data breach or ID theft can be utterly devastating. What types of people are most suspectable? According to LifeLock, the list starts with children, then heavy social media users, then those with high incomes, and finally, the elderly – but, of course, attacks aren’t restricted to people who meet one of these criteria. As children are high on the list, it makes sense to teach web safety practices early – and use safe browsers that filter out adult content and keep their data safe. The point of stealing a child’s data is the ability to use this “fresh slate” for fraudulently applying for say, a credit card. With a social security number that’s unlikely to be flagged, the thieves can get away with repeated crimes that aren’t sometimes noticed until the person turns 18 and applies for their own credit card.
Heavy social media users include a huge chunk of the population of most countries. People like to “share” … often way too much, and commonly accept friend requests from complete strangers who are tangentially linked to some other hardly-known friend. As soon as a scammer has enough info on you, they can roll out what’s called a “spear-phishing” attack… a highly personalized scam that contains so much personal info, victims find it hard to believe it could be fake. The example of a well-known Indian TV journalist who quit her job after getting an offer to be a “professor of journalism at Harvard University” is instructive: Harvard doesn’t have a school of journalism, but the emails looked so “legit” that even a reporter with years of experience was lulled into accepting what she saw. And the entire mission of that phishing expedition may only have been a bid to collect info on the journalist’s large social media network.
There’s no reason companies or individuals need to surrender to data thieves and cyberattacks. Smart defenses are available, and some are incredibly simple to implement. A safe browser simply runs in the background, ready to jump in at the first sign of trouble. Guarding ourselves isn’t impossible, but it will require some evolution in how we think about our data, and the methods we use to protect it.