Recently, security breaches at several websites such as LinkedIn, Yahoo, and eHarmony have made headlines when each company had their databases compromised, resulting in millions of passwords being leaked to the public. Unfortunately, in cases like these, even a secure password doesn’t help. This is because when a company’s website, database, or network is compromised the onus is on them, not the user, to protect the information they are storing.
That’s scary, right?
Even though LinkedIn’s passwords were encrypted with SHA-1, which is relatively secure, they were still susceptible to cracking. In eHarmony’s case, they had approximately 1.5 million passwords stolen and leaked online.
So why does this happen?
Hackers will frequently target large companies such as these to “test” how secure their databases and networks are, and as long as people with malicious intent exist, this will continue to be a growing security concern.
In a recent keynote during the Black Hat 2012 security conference in Las Vegas, former FBI official Shawn Henry declared a call to action. He called upon security enthusiasts to enlist as “warriors to fight the enemy” in a cyberwar against anonymous attackers who utilize their skills to compromise government and corporate networks to access sensitive information.
According to Henry, one of the biggest threats society faces is our increasing vulnerability; so much sensitive data is stored electronically and can potentially be accessed by anyone with a laptop and an Internet connection. Despite numerous reports of leaked passwords and credit card data, ninety percent of the computer-based attacks targeted classified systems. Therefore, simply relying on firewalled networks provides a false sense of security and companies need to work on being more proactive and taking further measures to ensure proper protection.
Henry offered several techniques to defend data from security threats, one of which involves setting up “traps” that trick hackers into stealing fake data while storing sensitive information behind multiple layers of security.
He ended his presentation with a few words of encouragement to the troops: “You have a responsibility and an obligation to your company, to your customers, to your families, to your co-workers. You have an obligation, because if we don’t do that, bad things are going to happen. This is the time to step up. Together we can change this game.”
Are you a computer security enthusiast? What do you say — are you willing to join the fight to protect our data? What do you do to educate your coworkers, friends and family about securing data online?