2016 has been a very eventful year for technology hacking. According to a new report from CyberScout, there has been a 40% YoY increase in 2016 of US data breaches. This might have been overshadowed by claims of Russian hackers tampering with our election, but it is very alarming.
The reports elaborates stating hacking, phishing, and skimming attacks accounted for 55.5% of instances. Many of these cases involved CEO’s being phished for sensitive information. One would believe that executives overseeing a corporation have the capability to discern cyber threats. Unfortunately, this is not the case. In 2015, Mattel was phished for $3 million. Chinese hackers posed as the new CEO and ordered a wire transfer to a bank account. The email looked valid and received the proper approvals almost immediately. This technique is used in conjunction with knowledge of a company’s financial procedures.
This is the status quo — technologically illiterate executives lacking the critical thinking skills of a teenager. I propose that all executives must pass a cybersecurity course each quarter. These tests would update frequently to capture all developments in hacking technology. This should be a mandated training exercise to prevent further data breaches. This report should be alarming for all industries.
Link: https://www.finextra.com/newsarticle/30014/number-of-us-data-breaches-jumps-40-in-2016
People who work at that high of level must have a good understanding of how computers function, so do you believe that these CEOs are actually technology illiterate or are people just making honest mistakes and falling into well constructed traps?
I agree with the point that Kasim is making that US data breaches area huge issue and action must be taken to prevent them. The past years, including the recent Russian hacking during our US election show that the US is highly vulnerable to online hacks, and clearly lacks in technical proficiency to understand what hacks look like and know how to prevent them.
While all CEOs and executives are very well qualified and intelligent enough to run their companies, there is a clear lack in cyber security knowledge in companies, considering phishing hackers are able to easily trick big companies out of millions of dollars. On one hand, our intelligence agencies can recognise the need to ramp up cyber security and begin to pay more attention to activities online; however, a large amount of the responsibility should still fall back on companies themselves and the intelligence of their employees.
No matter what industry you operate in today, the fact is that you will have an online presence and most of your financial information matters are now all online, so in this way, some immediate online security training sessions need to be implemented, so that every individual who works in an organization and deals with online financials can understand how to stop something that looks fishy. With more education, a lot of the attacks that currently take place can be thwarted, so that our intelligence agencies can focus more on the big picture and watch out for more planned out online hacks.