The Capital One hack initiates a chain reaction for other major companies & showcases the trend we should expect: high-profile hacks

It is considered the greatest hack after the Equifax hack and it is shaking big corporations after the latest Facebook penalties. The types of hacks we keep seeing in recent years are a trend we have to get used to unless serious changes happen. Those changes need to be constitutional, structural, behavioral and procedural.

Reports of companies affected by the Capital One hack include Vodafone, Ford, Michigan State University and the Ohio Transportation Department, but that does not mean this is the final list of affected companies. A spokesperson for Amazon claimed that no other storage buckets were affected, but that can only be answered by the people who have the actual data and the time to examine it.

The hack targeted an Amazon Web Services storage bucket which included more than 140 000 Social Security Numbers and over a million Canadian Social Insurance Numbers, along with other personal information. Hackers are standing in line on the dark web to get their hands on the leaked data and capitalize on this opportunity by paying huge sums of money.

Both Capital One and Amazon are expected to appear in front of Congress and testify about this data breach. Earlier this week the FBI arrested Paige Thompson, a former Amazon engineer.

According to the European Cyber Security Organization statistics, 74% of attacks on businesses are based on the personnel, of which 65% happen by mistake and only 9% on purpose.

The hack clearly shows that the Security Aviation Management programs within corporations of all sizes, even the big ones with an unlimited budget, are poor and need to be improved immediately.

With the term Security “Aviation” Management, I am referring to at least the following:

  • The addition of ethics courses in all security related professions
  • The addition of data access & protection clauses in employee contracts with access to personal and sensitive data
  • The introduction of psychological and ethical evaluations for employees
  • The protocols, metrics, measures & controls which allow access to and duplication of data on a need-to-know basis internally within a business
  • The preparation of protocols to be implemented when a key employee or an employee with access to personal or sensitive data leaves a company
  • The constant embodiment of business culture, as well as internal programs for employees’ well-being, personal development and growth opportunities
  • The control and avoidance of toxic environments created internally in a company, which may result in dissatisfied employees turning toward malicious goals

Most importantly, it is a very clear indication that all disciplines of security and data protection, physical and virtual, need to fall under the same umbrella. Companies need to restructure and design a holistic protection plan: a proactive strategy which allows them to remain in control by avoiding an attack, by containing an attack in case it happens and, most importantly, by limiting the impact it will have on them and on their clients.

So I am now turning it over to you. If you found this tip useful please share it with others.

I cannot wait to hear your comments so leave them below and let’s continue the conversation.
