Data Breaches

Oct. 26, 2015

Transcript:

CHRISTINA ESTES: Cyber criminals seem to be lurking everywhere. A forum on the issue is taking place in Paradise Valley. From controlled chaos to cyberwarfare. The forum is being coordinated by Adam Levin. Adam Levin is here to share his insight. Thanks so much for coming in. You have said the cyberwar has replaced the cold war. What does that mean?

ADAM LEVIN: What it means is that where we are traditionally oriented towards thinking of cold war, now, we have the cyberwar. And whereas we have people talking about building a wall, the truth is the real wall we should be worried about, which is almost impossible to construct really is the cyberwall. And that is how do we protect ourselves against these massive cyber incidents that can result in physical damage and injury because power grids go down, financial grids go down, I mean we could be facing at some point a cyber-geddon and we have to be prepared for it.

CHRISTINA ESTES: Every day we hear from target to the federal government to the director of the CIA, it seems like we hear this every day, every other day and some people sort of toss up their hands and say it's bound to happen, there's not much we can do. Is there?

ADAM LEVIN: There are things we can do but the paradigm shift in the way we think is that breaches have become the third certainty in life. We are facing a very well-armed, well-resourced persistent sophisticated and intelligent group of hackers and there are four kinds of hackers, the folks that do it for the money, the folks that do it because they're state sponsored, folks that do it because it's cause related and folks that do it because they can and they want to prove that they can and we face this throughout the day, hundreds of thousands of attacks on businesses, on government, on individual consumers, and it's a question of how do we adjust to this new reality?

CHRISTINA ESTES: What's the answer?

ADAM LEVIN: Well, the answer is what I call the three m's and that is you need to minimize your risk of exposure as best you can, you need to monitor and you need to have a damage control program and that goes for consumers, business, and government. Now minimizing your risk to exposure is everything that everyone always told you to do from not carrying your Social Security card, limiting the amount of debit and credit cards you're carrying, securing the devices that you use, your computers, tablets, smart phones, they are data storage devices, not just communication devices.

CHRISTINA ESTES: Where am I most at risk if I take the steps, follow the three m's that you mentioned, if you were to follow that, how do I know anybody else is? My doctor or my government?

ADAM LEVIN: You can't know that. That's why you need to be monitoring to detect issues as quickly as possible and you need to have a damage control program and a lot of people think that's very complicated, that's very expensive. The truth is many institutions with whom people have relationships, whether they be insurance companies, credit unions, financial services companies or even the H.R. department where you work have developed programs and are working with cyberpartners that will help you through identity incidents. But you need to know what they've got, what they're doing. You need to ask a question, do you have such a program, am I in it? If I'm not in it, what do I need to do to get it in? Is it free? Then you make a decision but the threats have become so sophisticated, the fact that it takes oftentimes so long to learn that you're having a problem that you're so deep in it when you finally find out that you'll need a professional to help you through it.

CHRISTINA ESTES: What have you seen or heard when it comes to a private entity or public entity who's been hacked? Lessons they've learned, things they've done right after the fact?

ADAM LEVIN: Well, the problem is that so many institutions haven't done right before the fact. The federal government just concluded a 30 day cyber sprint. You have to ask yourself a question, after all the years, all the files, all the breaches, over 1 billion files have been breached containing personal information, why are they now suddenly doing it? So lessons they've learned. Number one, encryption, encryption, encryption and people don't do it. The second thing is data segmentation. For instance, the new paradigm is you are your vendor. If you look at target, for instance, they got breached because a subcontractor to them got breached and that access was used, that privileged access to crawl into their systems. In addition to that, they don't -- the institutions don't do enough testing. They don't do enough training and most importantly, you know, businesses used to be judged on can they stop it from happening. The new paradigm says if they can't stop it from handling, how do they handle it? And unless an institution is willing to handle it urgently, transparently, that institution is going to be damaged permanently.

CHRISTINA ESTES: It sounds like you're not too impressed with any private or public entity, are you?

ADAM LEVIN: I think more and more they're getting better. Some of them have been very good. But here's the issue: Regardless of how secure your system is, all you need is one person to make one mistake, to click on one link, there are companies out there that are hired now to actually phish employees in companies to see whether or not they're going to fall for it and I've spoken to major institutions where first, it was 80%, then it was 60%, now it's 50%, but it's still not far below 50%, where employees are making that mistake and once they make that mistake and a system is infected, you could be exposing millions and millions of people to having a problem.

CHRISTINA ESTES: I'm going to try to follow the three m's not be too depressed over this conversation, really appreciate this information. It makes you feel not very secure.

ADAM LEVIN: We've got a lot of work to do.

CHRISTINA ESTES: Thank you so much, appreciate your time.

ADAM LEVIN: Thank you for the invitation.