Christine Gadsby is Vice President of Product Security at BlackBerry. Christine is an accomplished Application Security Executive and highly regarded industry expert known for strategically orchestrating security operations and programs, SDLC capabilities, automation, security tooling, risk mitigation strategies, and multi-party coordinated incident response and disclosure. She has contributed to several security working groups in the U.S. and Canadian governments. Her current focus at BlackBerry is driving the secure software supply chain efforts focusing on the NIST SSDF, Cybersecurity Executive Order, ISO 29147, ISO 30111, Open Source software licensing and compliance, and SBOM efforts. She is a known keynote industry expert speaker and contributor, including RSA, CCTX, Black Hat, IoTSF, ISACA, CAV, Women in IT, and FIRST.
What would you do if you woke up tomorrow morning and your phone’s photo library disappeared? Or you found pictures of your children being used in an advertisement? The most intimate moments of your life held hostage for ransom thanks to a compromised password — and unless you pay up, they could be gone with a click. The birthday parties, vacations, Christmas mornings, Halloween nights and all the unexpected moments that get captured in an instant and stored in both our collective and literal memory banks – our phones.
Valuing Data Like We Value Our Vehicles
Just as we lock up our cars and houses containing our most ‘valuable’ possessions, we need to put the same value and stringent security safeguards on our data and its accompanying footprint. Data is now the proverbial breadcrumbs we can’t help but leave behind. They can contain a virtual treasure trove of insights as more of our world gets ‘connected’ and moves online. For businesses, the same ethos applies, with data all the riper for the taking in our post-pandemic, work-from-anywhere world where the old castle and moat approach to corporate security can no longer be counted on.
With well documented instances of cyber criminals selling unsuspecting victims’ selfies among their dark web data dumps, it’s no longer out of the realm of possibility. The BlackBerry-revealed BAHAMUT threat group took personal photo stealing to a new level. The group seized what was originally an information security news website and pushed out content on geopolitics, research, and industry news on other hack-for-hire groups by a list of fake “contributors” that used the names and photos of real journalists (including local U.S. news anchors) to appear legitimate. Despite these brazen incidents and the fact that phones and laptops top the list of things people would grab first if their house was on fire, the average person is woefully unprepared when it comes to backing up and securing what are often thought to be our most personal and prized possessions.
The Dark Web Cybercrime Bazaar Where Data is a Hot Commodity
The dark underbelly of the web is known as a black market where shadowy individuals and criminal organizations do brisk trades in the sale of illicit weapons or drugs, and data – both personal and corporate. Data has become the most popular commodity, owing to the importance people and businesses place on it and the intrinsic value it holds. The growing sharing economy is gathering steam in the cyber criminal underground, which now mirrors the well-oiled infrastructure that makes the business world hum. Organized threat actors can tap access brokers and outsourced consultants to deliver more timely and personalized deceptions to their victims at the individual or corporate level. It’s not a stretch to say that the hacker in the hoodie stereotype has graduated and now has a seat at the boardroom table.
In the face of this disturbing trend and the ‘success’ that well-organized malicious actors have had in compromising enterprises and individuals in the form of data breaches, the urgency with which we need to close the gap between what we value and what we leave at the mercy of those who would cause us harm for maximum financial gain has never been greater.
Cleaning Out Your (Data) Closet
We are in the midst of a data revolution and citizens and enterprises must pay closer attention to the security of their information and where it lives. Just like your closet, your data needs to be clean and organized. With that in mind, we must take data maintenance a step further than knowing where data lives and how many layers of security it has, to ensure information won’t be lost in the case of an attack, outage, or accidental erasing keystrokes.
Businesses should implement a unified approach to consistent backups to ensure their internal and employee data is protected and retained. Scheduling regular patch updates, data backups and keeping copies off-site are simple but effective methods that can make or break your organization’s ability to deal with ransomware attacks and threat actors. Similarly, individuals should look to make backups of their irreplaceable photos and sensitive information on a backup cloud service or hard drive.
Whether you’re Jane Doe the person, or John Deere the company, the onus is on all of us to understand our information, protect it and back it up. If you don’t, you might as well consider it gone, posted up on the dark web where ‘data’ equals ‘dollars’, and personal photos or corporate files are just another asset to be bought and sold.