The Panama Papers as released this past week are a really huge data dump, in fact one much larger in scale than that of Wikileaks, and the largest to date in history.
The project that resulted in this massive public disclosure was essentially a cyber security lapse leading to a breach. Following the breach, data exfiltration was executed by leveraging a long-known critical failure in the operating system and email servers that were used by the law firm, Mossack Fonseca.
Not only are the Panama Papers a stunning example of a hack that resulted in massive data exfiltration and, consequently, a global reputation breach; they are also representative of a slow-to-change cyber security environment in law firms, corporations and organizations globally.
Drupal, a widely used language for databases and other programs, has constantly been providing critical updates since its inception. Users of Drupal have to make the choice to keep their systems up to date or, as in this case, not.
The utter lack of cyber security protocols like updating a server, or dealing with over 25 issued critical updates to the operating system/servers, brings to mind other major hacks like the Target Corporation hack, where 60,000 alerts were ignored by corporate IT staff. This is the opposite of what cyber security protocols would dictate.
Law firm IT staff need to be amongst the first to adopt these basics, but oftentimes are not, and many international law firms have mediocre to poor network security. In that respect, the Panama Papers could be any law firm, anywhere. The reputation loss suffered from the cyber security lapse and breach could be that of any law firm’s clients, anywhere.
Digijaks has been working with clients for years to address the undeniable link between cyber security and reputation control. The Panama Papers simply serve as one more reason why these issues are so connected and so important to both people and organizations.
noun: conundrum; plural noun: conundrums
a confusing and difficult problem or question.
“one of the most difficult conundrums for the experts”
This is the conundrum of the digital age.
On one hand, executives of a company will be the first to state they think their systems are secure, and if there are any problems they are small.
Maybe they think their information, data and business relationships are not important to hackers because, “too small”, “not on radar screen”, or “we have nothing worth taking.”
But both of these are clearly conundrums:
But (and this is actually more like a because) organizations have to think and act proactively when it comes to cyber security and privacy. True for people too. If you think you have no cyber weaknesses, then you do. If you think you have nothing to lose, then you do. If you think no one is interested in your organization because it is too small or not on the radar screen, then you are wrong, and they are.
Now is actually the time to assess your organization’s situation, and that of your people too. Do it now before you get hacked or breached. Because you will get hacked or breached. Be prepared. Don’t be caught behind a truck that just ran over your business and people.
My company Digijaks sees a lot of these types of issues with clients. Preventive medicine works, in healthcare and cyber security. Both need daily hygiene and maintenance and both also need updates, check-ins and repair work too.
Ah, the Internet of Things.
Just the sound of it sends thrills, chills and huge question marks through both technologists and regular people alike.
Just think, you can already do the following:
I could go on with this list. But why bother?
The Internet of Things, or IOT as it is called in the media and by analysts and techies alike, is an amorphous concept and does not easily translate into everyday speak for the average person.
There are cybersecurity concerns with the overlapping inter-connectedness that are growing exponentially by the month, as more and more devices come online and get connected to the Internet. Many if not most have little to zero security protocols built in.
There is no current “IOT cybersecurity standard” or anything close. As a result, the apps and tools that seemingly make your life so easy are most probably leaking, if not pouring, personal information about you or your family onto the internet in ways you may or may not be aware of.
There are reputation control and reputation management issues arising from both the above mentioned inter-connectedness as well as from some basic common sense things that come from having devices connected to the Internet and talking to “home” or each other in ways that also reveal identity, location and other personal information. Some of these IOT apps and tools even tweet or post other social updates for you as reminders, alerts and other pushed out information into public or semi public arenas.
So ask yourself 5 Major IOT for Reputation Questions:
Every day we hear of more stories of people’s Reputation getting smashed instantly online. On a personal level it just plain sucks, and causes mounds of heartache, headache, paperwork, and costs. To a business or a brand, there are risk mitigation and compliance issues, trademark defense costs, and reputations getting taken down, despite having been built up over years or decades.
It could be any trigger, even a mistaken identity, or sharing the same name as someone who gets in trouble.
Or it could be malicious from criminals, or cyber hackers looking to steal your identity, or file false tax returns to claim fake refunds, or to make it appear you were the one who did something when in reality it was someone pretending to be you.
The problem is multifaceted in that it can come from almost any angle, and happen at any time relatively instantly thanks to the linkages that exist between content, social media and search. Digijaks’ CEO has written about this triangulation before as it relates to cyber security and how we all need to look at this inter-relationship and its effects on all of us.
It is extremely important to understand that your real-life, offline, non-digital experiences can and will now be instantly transmitted by others, with or without your knowledge and with or without your consent. The little everyday things, from getting coffee to getting dressed, to private conversations between two people, are suddenly potential fodder for instant intent smearing, reputation trashing and persistent online harassment. Just because someone else had a smartphone on.
This is without writing harsh or bad emails, or saying inappropriate things, or doing illegal or immoral things. The above is just for the regular people who now find themselves in the daily potential trap of someone else deciding to make an internet mockery of them. Just Because. But then, there are the people who are out there willingly doing things to disrupt their families, their businesses, and themselves. There is an entire group of people doing these things every day, hoping no one will post their baggage online and trash them. Some even think it can never happen to them. They are above recrimination or above being outed for whatever proclivities they engage in.
Digijaks offers boutique solutions for high impact individuals, brands and organizations to deal with the combination of cyber security, social media and reputation management and control. We see and hear all kinds of stories. Those from people who are completely innocent and just get caught up in something a bad person did. Those from people who admit to making mistakes and now are working to try to fix the damage or prevent it from happening. Then there are those who just think things will never catch up to them. But they do.
The reality is, the ability to trash reputations, for others to *control your reputation* is all too real. Whether you like it or not.
It is, as is so commonly mentioned in the media: “That Time of Year Again.” Yup. Packages. Shiny New Things. Cool Toys for the Kids and kid-adults alike.
It is also the time of year of increased cyber crime attempts aimed at retailers.
Add also the time of year when more families and organizations introduce new varieties of malware, ad-malware, viruses, worms, bad bots and devices that phone “home” into our homes, workplaces and civic spaces.
Malicious Adware Uses Certificates to Disable Security Products https://t.co/ijllAbzIXr
— Alan W. Silberberg (@IdeaGov) November 23, 2015
How? Because many devices are coming pre-loaded with malware. How many parents look into the workings of a cheap tablet before handing it off to the kids? How many people are checking new apps to see the permissions being requested on those new devices and old ones too?
Do you know what your connected devices are doing this holiday season? Perhaps it is not just calling the North Pole, but indeed calling “home” with your life information. This applies to talking teddy bears, connected fridges and IoT devices of every stripe, not to mention your phone, tablet, smartwatch and car.
Skype, WhatsApp, and Yelp access your data hundreds of times, but nobody knows why https://t.co/xMvvlCrafF
— Digijaks (@Digijaks) November 24, 2015
A few weeks ago I wrote this piece about #IOT Cybersecurity and how it affects personal and brand reputations. I got a lot of criticism for basically speaking the truth. I appreciate all the tweets, emails and LinkedIn posts engaging on this piece, including all the people who attempted to say I was wrong.
But the points raised in that piece are simply the opening salvo in a multi-front disruption. The disruption is NOT IoT. The disruption is the switch away from leading with the product first, with security as an afterthought in the rush to go to market. What needs to change is the mindset, so that security is built into the design from the beginning.
Last week I sat on a panel at the California Cyber Security Task Force meeting. The panelists were all cybersecurity experts, from across the field, including homeland security, penetration testers, strategy and policy. When it came time to talk about #IOT Internet of Things, we were all asked what people thought about the current state of cybersecurity in IoT.
The answer from the entire panel was: THERE IS NO SUCH THING AS CYBERSECURITY AS OF YET IN THE INTERNET OF THINGS.
Think about that for a second. Or maybe longer. Sure, there are a few IoT devices that do offer some level of security. But often, as was raised by one of the other panelists, that is simply writing a marketing statement to the effect of “We take your security very seriously.”
But most IoT devices do not provide any real security, and many are simply copies of other IoT devices that also have no security. Then you have to add in the problem of the unsecured devices talking and sending your data to other non-secure devices and/or third party companies.
The disruption has to be the switch from rush to market with little to no thought about security — to one where security is built in from the design level up and where devices are not put on the market without first being hack tested every which way to be able to prove their security credentials. Otherwise, we are all simply at very real risk. In part because of the inattention or even stupidity of others who do not think this is important; or in the rush to market skip cybersecurity completely — or just write a lame #fail marketing statement about how they value your security.
Alan W. Silberberg, CEO of DIGIJAKS
In Digijaks’ daily course of business with reputation management we come across a lot of people (adults) who have seen their life get turned upside down because of something appearing in search results that negatively affects them. This happens so much, and so often, that it has created a whole industry to deal with it. Search results lead to problems for people for many reasons. I recently wrote about this problem on the Huffington Post as it relates to adults.
But this same correlation exists for kids, for families and the same problems may arise, but with lifelong implications. Imagine being an 11 year old who innocently posts a picture or a quote or a poem or a location, thinking nothing of it. Fast forward 6 years to college applications. You can be very sure college admissions officers are carefully looking at social media, at search engine results and other digital mediums to find reasons to say no. The same is true for private high schools; and employers, the military and many others.
We all need to work with our kids to help them understand the direct linkage between social media use and search results that can and will last a lifetime. This affects a lifetime of Reputation Management and Reputation Control efforts that need to start at a young age.
Cybersecurity used to be the geek’s eagle’s nest. It was hard to understand, hard to get to, and oftentimes hard to see the impact and need. If there was a CIO or CISO, he/she would not be in the board room too often, and usually the budgets were the first to go in any budget change environment. But the cycle switched. Now we are in the opposite cycle. The CIO and CISO are ruling the roost and commanding serious budgets and attention. But being missed in all the excitement is this:
The Crossover from pure cyber crime to real world crime from the same instance.
It is safe to say, times have changed. Now – Cybersecurity has become a word known in almost any home where there is digital connectivity. Time and time again, we are offered proof that cybersecurity now encompasses reputation management; active control of search and social media as well as the traditional hardening of data access points, transport points, and login authorities. Cybersecurity itself has become such a buzzword that it threatens to create a numbness for people hearing it and responding to it.
Recently Digijaks has worked with multiple clients who have faced the crossover from Cyber Security to Real Life Security. It is our recent experience that shows us that law enforcement is *mostly* unprepared for cyber crossover attacks and does not yet have the substantial depth of understanding of the relationship between social media, cyber security and real life people.
The connections are impossible to overlook. What starts as a cyber threat (impersonation of another, brand or trademark attacks, social media memes and fake social media sock puppet accounts) can now easily, and does easily, cross over into real world crimes.
The real world crimes escalate too, often in parallel with online escalation. In our recent experience in dealing with the crossover, most law enforcement agencies of *all levels* are simply not prepared to cope with this reality, and have few to zero people in place who are trained investigators and can assist the public, or corporations or utilities or governments with cyber cross overs.
Digijaks CEO Alan W. Silberberg is advising both the company’s clients and law enforcement agencies to take these “cyber cross over” events seriously. There is a growing body of evidence showing that real world crimes are becoming easier in some ways and can be facilitated through initial cyber intrusions, whether phishing, trolling or direct digital attacks.
This is leading people who were previously *only* cyber criminals or terrorists to become real world ones too, often at little to no monetary cost. We see this as a true emerging threat, as yet mostly unaddressed at either the Federal or State levels, and a threat that is most acutely faced in local communities who very definitely are not prepared.
Reputation. Is hard to get, hard to maintain, hard to control; especially in an era of hacking by governments and criminals alike.
Cybersecurity is something many people long put off as a back burner decision, or lower funded priority, but in actuality is a critical need, now at the forefront of many leaders’ thinking due to the sheer number and audacity of the hacks from 2013 forward. There is a distinct triangulation between reputation control and cyber security and search results. The more things get hacked, the more information flows onto websites, both for sale, and for free, and the more the search engines index these results. Digijaks’ CEO Alan W Silberberg has written about this triangulation before as it relates to cyber security and how we all need to look at this inter-relationship and its effects on all of us.
The recent OPM hacks were so huge, and the numbers so staggering, that they are hard to process for most people, especially “regular people” who feel this does not affect them or their friends or family.
But in addition to the 21+ million social security numbers that were stolen in the OPM hack, so were over 1.1 million sets of people’s fingerprints. People who serve the US Government in all sorts of capacities, some secret, some not. So in addition to the notion of identity theft through the means we have become unfortunately accustomed to, like credit, social security and personally identifiable information (PII) — we now have to contend with the theft of biometrics.
It means every citizen, whether they believe the OPM hacks relate to them or not, has to start taking steps to protect themselves. When a nation state can combine vast databases of personal information with biometrics for some of those same people, it means that nation state, or proxies or vendors it sells to, could become one of us through surreptitious methods. It means identity theft is possible on a massive scale, as is exploiting people through their information in security clearance documents or medical records.
It means the push to make encryption weaker or illegal should actually be reversed to become a push to make encryption a standard for citizens, and one that is supported by our Government in light of attacks and theft of information from tens of millions of US Citizens. The US Government through the Congress should adopt stringent laws making it hard not to encrypt personal information.
It means, think about what information you put in the cloud. Think about what information you put in social media. What information you never put into digital form. It means think about carrying a second and/or even third form of identity in case you are ever challenged with not being you.
As the CEO of a cyber security and reputation company, I have to admit to not being surprised by the recent successful hacking and penetration of the US Government.
While the scope of the recent events is most definitely shocking, myself and others have been researching, writing about it and trying to push and pull officials to focus on the whole set of threats, not just the known ones, and not just the data hardening ones.
This recent set of hacking and penetration successes were definitely done by a Nation State, China in most probability. But guess what?
The intrusion was apparently found by a Vendor doing a sales pitch to the US Government, and not by the billions of dollars of hardened equipment or custom platforms designed to stop cyber attacks.
I am not being critical. Nor attempting to assign blame. It is what it is. Millions of Americans who work for or have worked for the US Government, myself included have been hacked. Not just hacked, but all of our secrets may soon be on public display or for sale or other.
In the past few years, US consumers have been the targets of hacks from any number of companies that were breached, from Target and Home Depot to Equifax and Anthem among the biggies. But the reality is most companies have probably been hacked.
Most small to medium businesses do not have the sophistication or the resources to put in place strong cyber defenses. Even for the ones that do, that does not mean a successful defense.
What it means for you:
1. We are all vulnerable. Do not think your information is safe.
2. Disconnect computers from the internet when not using them, and power them down. Same for devices like tablets or phones or other internet connected devices.
3. Create a backup hard drive, find an encryption program you can easily use, and create an encrypted backup of your life.
4. Maybe your whole world does not need to be interconnected. Maybe the smart home is not so smart in light of the potential privacy and security vulnerabilities presented by the inter-connect.
5. Take steps to protect private information. Get a safe deposit box at a bank, put all original documents in it, plus a copy of them.
6. Try to make air gaps between your information. Keep your financial records in one secure place. Your medical records in another, different secure place.
7. Be aware that your life may well be not private at all.
8. You are not alone, in fact maybe your whole country is right in the same situation.
In 2013, at my Gov20LA event we hold annually, I made some remarks about the need for families around the world to adopt encryption techniques to protect their information and themselves. That message was partially intended for families trying to fight against tyranny abroad; but is also a critical message for all of us now.
Bottom line though is that the world has changed. *A lot.*
We all want it, work for it and strive for it throughout lives and careers.
We all have one. It is up to us to define it, scale it and defend it.
Which one is more valuable? Which one brings more of the other?
This is a two sided question. To some people, money is everything. To others, their reputation is everything, with money or without. While most people might reflexively think that money is more important, others will emphatically state that reputation management is paramount.
Some recent studies weigh in on the side of reputation. Reputation expert Michael Fertik recently weighed in on the issue in the UK’s Guardian Paper.
Digijaks CEO Alan W. Silberberg feels that money and reputation are completely intertwined; and that this effectively goes along with the associated correlation between social media and reputation management.
Money and Reputation are intertwined in ways most of us can barely recognize yet. Pretty soon, if not already, major banks are/will be assessing their clients not just based on assets under control, but on social indicators, and online reputation.
How many times have people searched you during or before routine financial meetings? Have you thought about this yet? 2015 definitely marks the year in which most of us need to start recognizing the distinct correlation between money and reputation — whether online or offline.