Come to our session at #PSR18 – Vendor Risk Management: Maintaining Relationships While Limiting Liability

Are you at IAPP – International Association of Privacy Professionals P.S.R.  #PSR18 in Austin? If so, please come to our Thursday 10:30 – 11:30 session on Vendor Risk Management: Maintaining Relationships While Limiting Liability in Lone Star Ballroom A, Level 3. It should be great as I get to be with great panelists Tami Dokken and Melissa Krasnow and we will have Mark Smith as our moderator.

While you’re there, pick up your copy of Bloomberg BNA’s Domestic Privacy Profile: Texas!

If you can’t make it, here is a link to the .pdf (hey, I know people!).

Session Info: https://iapp.org/conference/privacy-security-risk/sessions-psr18/?id=a191a0000028eqTAAQ

Key Lesson All Business Leaders Can Learn From the Anthem Data Breach Case

The 2015 Anthem data breach affected 79 million people and was the largest health-care data breach in U.S. history. The affected consumers sued Anthem in a case that settled for a record $115 million. Now the U.S. Dept. of Health and Human Services’ Office of Civil Rights has reached a settlement with Anthem for a record $16 million — an amount that is almost three times the next-largest OCR data breach settlement of $5.55 million.

While these numbers are interesting, what is the takeaway for business leaders?

It all started with an employee opening and responding to a phishing email:


Anthem discovered cyber-attackers had infiltrated their system through spear phishing emails sent to an Anthem subsidiary after at least one employee responded to the malicious email and opened the door to further attacks. (HHS Press Release)

While this may be shocking, it is neither new nor unexpected. Most cyber incidents are a result of failures of basic cyber hygiene, not super sophisticated James Bond-like attacks. Read more about this in 1 Step to Improve Your Company’s Cybersecurity Today.

Trump and Kanye West Bring Emphasis to #CyberAware Cybersecurity Awareness Month With Password Example

October is National Cyber Security Awareness Month in the United States. There is excellent cyber awareness content available by going to #CyberAware and #CyberAvengers hashtags on Twitter and visiting The #CyberAvengers Website for free resources, including this free Good Cyber Hygiene Checklist.

President Trump and Kanye West put a big ‘ole Texas-sized exclamation point on the [need for?] #CyberAware campaign with Kanye’s password demonstration while on national TV in the Oval Office.

Politicos will spin this a million ways. Security folks will go back and forth between laughing and crying — and maybe do both at the same time. But, the important thing is that we learn from this and use it as an example to help educate others. I thought there was no better way to do that than by putting “Trump”, “Kanye West”, “Password”, “Cybersecurity”, and “#CyberAware” in the title — how’s that for getting a wide range of attention? 🙂

All joking aside, what are the most important lessons you take away from this example and can you use this lightning rod example to help educate your team, family, and friends about good cyber hygiene?

Did hackers record you watching porn? New scam using key elements of phishing and shame hacking

Cybercriminals are using yet another new twist on the old email phishing attack: they email people claiming to have infected porn sites with malware that allowed them to take over the recipient’s webcam and record them sitting at their computer watching porn, and if they don’t pay up, the video is going public. I discuss this new method of attack in the video above, and you can learn more details about how they do it in this article: Don’t Fall for This Scam Claiming You Were Recorded Watching Porn.

For people who know they have never watched porn on their computers, this probably isn’t too effective. For everyone else, this threat of public shaming can be a powerful motivation to comply with the extortion demand.

This is another example of what I have often described as shame hacking, the use, or threatened use, of purportedly hacked data for embarrassing or extorting people by threatening to expose such compromising data if they do not comply with the demands made of them.

Shame hacking is one more way that cybercriminals have learned to monetize the fruits of their criminal actions and represents an increasing trend for how hacked information can and will be used in many ways. I have blogged about other cases where hackers have relied on shame hacking for profit.

The CBS News station in Dallas / Fort Worth did a story about this latest attack and invited Shawn Tuma on to explain more about it. See story here.

If you are the victim of shame hacking or any other type of cybercrime, you can easily report it online at the FBI’s Internet Crime Complaint Center (IC3).

Why do you need a cyber attorney? Shawn Tuma explains in Ethical Boardroom

In my latest Ethical Boardroom article, I explain some of the not-so-obvious reasons why you need an experienced cyber attorney on your team: Why you need a cyber attorney (Spring 2018)

Here are other Ethical Boardroom (@EthicalBoard) articles that I have written or contributed to that are also available for free: