Chief Marketing Officer
Originally posted by DataEndure CMO, Kirstin Burke, on linkedin.com
Highlighting the news today is a second massive LinkedIn breach that reportedly exposes the data of 700M users – over 92% of LinkedIn’s total user community.*
Moreover, the hacker has published one million sample dataset on the Dark Web, with records including phone numbers, email and physical addresses, geolocation data, other social media accounts and user names as well as inferred salaries.
While no passwords seem to have been included, this is incredibly valuable data that can and will be used against you for identity theft and persuasive phishing attempts that can themselves be used to obtain login credentials for LinkedIn and other sites. Our cyber adversaries are incredibly creative, and they have time on their side. Time to put together an amazingly credible phishing or whaling attempt, and time to sit inside your network undetected until they have perfected their approach.
This is just the latest in a long succession of breaches, and unfortunately something we the public have grown used to. Credit card number stolen? Check. Fraudulent unemployment claim filed in your name? Double check.
To protect your data today, there are steps you can take personally – and steps that need to be taken corporately. Implemented together, we can start to shift the time advantage back to the good guys.
- As a “user”, it is incumbent on you to make sure the security and privacy settings of the apps you use are set up properly. Basic security hygiene includes strong passwords, not using the same password for multiple applications/websites, and changing passwords frequently. Also, enable two-factor authentication (2FA) wherever available, and however tempting, do not accept connections, especially on LinkedIn and Facebook, from unknown people.
- Organizations need to understand their employees represent their weakest link – and plan around it. Yes, security training is important, but as stated earlier, we have an adversary who is extremely proficient in social engineering – mimicking trusted brands and trusted personal networks in ways we wouldn’t normally question, and are coming at us through email, bad websites, text and phone calls.
With this as a “new normal”, we need to protect employees from themselves. And this isn’t just unsophisticated users, we are setting attacks that fool the most savvy IT or security professionals. In fact, a recent study by Barracuda found that 93% of all attacks started with an inbound email. With a multi-layer approach that starts with advanced phishing protection, and includes blocking known bad websites with DNS protection and employing next-gen endpoint detection and response – you can start to achieve a defense in depth strategy that will more effectively block attacks, identify unusual behavior – and protect critical information.
DataEndure is in the business of helping organizations attain – and maintain – the cyber and infrastructure resilience that is so critical to business operations today. While it isn’t easy, it is achievable. If you aren’t sure where to get started, let’s talk – we can help!
*First reported by PrivacyShark and confirmed by RestorePrivacy.