Cybersecurity – Business Cyber Risk

Beware: a new scam using key elements of phishing and shame hacking

Posted on July 16, 2018July 15, 2018 by Shawn E. Tuma

Cybercriminals are using yet another new twist on the old email phishing attack: they email people claiming to have infected porn sites with malware that allowed them to take over the recipient’s webcam and record them sitting at their computer watching porn and if they don’t pay up, the video is going public. I discuss this new method of attack in the video above.

For people who know they have never watched porn on their computers, this probably isn’t too effective. For everyone else, this threat of public shaming can be a powerful motivation to comply with the extortion demand.

This is another example of what I have often described as shame hacking, the use, or threatened use, of purportedly hacked data for embarrassing or extorting people by threatening to expose such compromising data if they do not comply with the demands made of them.

Shame hacking is one more way that cyber criminals have learned to monetize the fruits of their criminal actions and represents an increasing trend for how hacked information can and will be used for many ways. I have blogged about other cases where hackers have relied on shame hacking for profit.

Dallas / Fort Worth CBS News station in Dallas / Fort Worth did a story about this latest attack and invited Shawn Tuma on to explain more about it. See story here

Why do you need a cyber attorney? Shawn Tuma explains in Ethical Boardroom

Posted on June 1, 2018May 31, 2018 by Shawn E. Tuma

In my latest article in Ethical Boardroom article, I explain some of the not-so-obvious reasons why you need an experienced cyber attorney on your team: Why you need a cyber attorney (Spring 2018)

Here are other Ethical Boardroom (@EthicalBoard) articles that I have written or contributed to that are also available for free:

Cybersecurity: A Fiduciary Duty (The #CyberAvengers)
Critical Steps Companies Must Take to Comply with New York’s Cybersecurity Rules (Winter 2017, p. 140)
Managing Cybersecurity Risks for Boards of Directors (Winter 2016, p. 116)
Cybersecurity Risk: Law and Trends – A Director’s Duties Must Evolve With the Company’s (Spring 2015)

______________________

Shawn Tuma (@shawnetuma) is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Partner at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.

What does it mean to “hack back” and is it a good idea?

Posted on May 4, 2018May 4, 2018 by Shawn E. Tuma

There is more and more talk about companies hacking back against those who attack them in cyber space and whether allowing them to take such measures is a good idea. Right now, hacking back, or active defense, as it is often called, is illegal under the federal unauthorized access law, the Computer Fraud and Abuse Act. There are current federal efforts to change this, along with some woefully misguided rumblings by some state legislators (who do not seem to understand that the CFAA supersedes anything they pass to the contrary).

So, the question is whether hacking back a good idea or will it cause more harm than good? Shawn Tuma was a guest on the KLIF morning show to discuss this issue. Go here to listen to what he had to say about it.

What are your thoughts?

Can your company do business without its computer system? Let’s ask Atlanta!

Posted on March 23, 2018 by Shawn E. Tuma

In the world of cybersecurity and data protection, we tend to think about most cyber incidents as being “data breaches” because that’s the term de jour that occupies news headlines. Because of this, far too many companies think that if they do not have valuable data that hackers would want to “breach,” so to speak, they do not need to be concerned about cybersecurity. While this is wrong on one level because all data has value to hackers, it is even more wrong on a much greater level.

There is a lot more to cybersecurity and data protection than just breaches of the confidentiality of data (i.e., “data breaches“). Hackers have shown a strong trend over the last couple of years of attacking the computer system itself and, as some call it, “bricking” company’s computers and/or data and demanding an extortion payment in exchange for their promise to honor their word and undo the damage (if they even can). This is the process underlying what is often called ransomware.

Do you see where I’m going with this? If not, let me see if I can simplify this process for you a bit with the question below: (1) If you still think your company does not have data that is valuable to hackers, and (2) You still think that means that your company does not need to focus on cybersecurity,

Can your company continue to do business if it is not able to use its computer system?

If you’ve seen the news today you see that the City of Atlanta has had many of its computer systems bricked by ransomware and those business operations that require the use of those systems are now shut down.

Now, let me ask you, “how many days can your company go without doing whatever it is that it does before it really begins to hurt?”

Still need more convincing? Ok, I addressed this issue in more detail in Chapter 5 of The #CyberAvengers Playbook (free to download) — go give it a read.

The City of Atlanta is currently experiencing outages on various customer facing applications, including some that customers may use to pay bills or access court-related information. We will post any updates as we receive them. pic.twitter.com/kc51rojhBl

— City of Atlanta, GA (@Cityofatlanta) March 22, 2018

______________________

Shawn Tuma (@shawnetuma) is an attorney with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Attorney at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.

Down the Security Rabbithole Podcast #DtSR with Los and Tuma talking all things #cybersecurity

Posted on March 7, 2018March 6, 2018 by Shawn E. Tuma

This week’s #DtSR Podcast featured Raf Los and guest Shawn Tuma talking about all things cybersecurity. Check out more of what was covered and listen to the podcast here!

Check out some of the past episodes with Tuma as a guest.

Share on social media and join in the discussion!

This week on #DtSR @ShawnETuma joins us to talk about #breach and #incident #notification, especially with regards to #GDPR and other international and local laws. This is a big update, so grab a writing instrument and your cup of coffee, then settle in! https://t.co/K8qnfxZ7pC

— Down the Security Rabbithole Podcast (@DtSR_Podcast) March 6, 2018

______________________

Tag: Cybersecurity

Why do you need a cyber attorney? Shawn Tuma explains in Ethical Boardroom

Like this:

What does it mean to “hack back” and is it a good idea?

Like this:

Can your company do business without its computer system? Let’s ask Atlanta!

Can your company continue to do business if it is not able to use its computer system?

Like this:

Down the Security Rabbithole Podcast #DtSR with Los and Tuma talking all things #cybersecurity

Like this:

Please share this!

Like this:

Please share this!

Like this:

Please share this!

Like this:

Can your company continue to do business if it is not able to use its computer system?

Please share this!

Like this:

Please share this!

Like this: