This month the BrandProtect Executive Threat Brief focused on lessons that individuals can learn from Ashley Madison. It is likely that the Ashley Madison breach will be remembered as one of the most notorious and high-profile breaches ever. Why? Because the exposed data was more than just personally embarrassing; it was, in many cases, relationship-changing, employment-threatening, and business-damaging.
5 Key Take-Aways
1) Ashley Madison is Bad for Your Business
Many companies saw their name dragged through the dirt as scores of corporate email addresses surfaced among the millions of exposed Ashley Madison accounts. Deserved, or undeserved, it is never good when your company is dragged through the dirt. And when key executives and other corporate leaders are caught up in the story, it can be very bad for business.
During my morning news scan, I came across some interesting articles surrounding the recent Hell Tor deep web cybercrime forum, and in particular, discussion about the associated text file that contained more than 23,000 records that “appeared” to be a user database populated exclusively by user accounts with dot-gov email addresses from the Office of Personnel Management (OPM). After a close review of the file, experts stated that these records -- made available as a teaser and/or as “proof” that the hackers had compromised the agency -- were not from the OPM; instead, they were a list of users stolen from a different government agency: Unicor.gov, also known as Federal Prison Industries.
Just a month ago, I wrote about an emerging critical cyber threat trend -- attacks centered on health care providers and health insurance systems. These schemes are very lucrative for thieves because the loot, electronic health records, contains everything needed -- social security numbers, known addresses, phone numbers, relatives, payment preferences -- to create duplicate identities for individuals. Just add the photo.
I’m just back from a fantastic International Trademark Association (INTA) conference. It is exciting to spend a few days with the foremost practitioners in the trademark and IP world. One of the most visible organizations there was a registrar, Vox Populi Registrar, Inc., who owns the .SUCKS gTLD. Their representatives, clad in bright blue and white, were merrily touring the floor, speaking with vendors and attendees about how much business sense it made for a brand to purchase the .SUCKS domain. Their booth featured a continuous slide show of F500 brands "using" the .SUCKS domain: ibm.sucks; ford.sucks; starbucks.sucks; yourcompanyhere.sucks. Outside the conference hall, there were more blue-clad representatives, passing out .SUCKS items that were prohibited in the hall. The Vox Populi message was communicated clearly -- It only costs $2500/year to reserve this gTLD.
"Isn't that a small amount to pay to know that no one else uses it with your brand?..."
Recently, on Dark Reading, Sara Peters and Ericka Chickowski wrote a great piece about PII-centric attacks and threats in the healthcare market.
As the Health Care marketplace moves online, opportunistic criminals are retraining their attacks to focus on Health Care consumers.
Over the past decade, there has been enormous pressure on the healthcare industry to move health records online. Today, according to studies recently published by the U.S. Department of Health & Human Services, almost 90 percent of all doctors and almost 75 percent of all hospitals have deployed at least a basic electronic health record system. And, these adoption rates have soared over the past five years. Insurance reimbursements have been managed online for years, and healthcare enrollments through employers are increasingly managed through a Web browser. The rollout of the Affordable Care Act, with its online purchase model, further accelerated the migration of healthcare to a predominantly online model.
Mobile App-based Threats Can Quickly Derail Your Brand
Mobile Apps are in the news. And they deserve to be. Mobile devices are driving a revolution in computing form factors and transforming digital commerce. Today, businesses aggressively use mobile apps to provide their customers instant connectivity to content, commerce and customer service. From banking and retail to insurance and entertainment, marketing teams are increasingly delivering mobile apps to drive carefully created brand experiences with their customers via these devices that are permanently on … and rarely farther away than a purse or pocket.
BrandProtect recently concluded a month of online threat monitoring focused on detecting potential online scams and malicious activities targeting consumers during the Black Friday / Cyber Monday shopping season across the USA.
- Mobile App Threat Potential Triples
- More than 150K scam and fraudulent activity mentions across Social Media
- 27,000 unique phishing attacks
This is the third year that BrandProtect has investigated this online event.
On December 11, 2013, the Federal Financial Institutions Examination Council (“FFIEC”) released the article, Social Media: Consumer Compliance Risk Management Guidelines, to educate financial institutions about the risks involved in using social media. There are no additional obligations; however, this Guidance strongly suggests that financial institutions, effective immediately, become educated on the potential compliance, reputation and operational risks as they relate to social media use, and implement these guidelines into their risk management strategy. Credit Unions, like Banks, can benefit from these risk assessment strategies and need to be aware of the reputational damage that can occur via social media as a result of neglecting risk management. Here are the summarized risks that Credit Unions should be aware of and integrate into their risk assessment process: