Recent high-profile cyber attacks such as the Facebook data breach are sparking warnings from security experts and governmental agencies: Consumers and businesses need to protect their data.
“I’m not trying to be doom and gloom, but it’s going to happen,” said John Hey, chief operating officer for Trivalent Group, an information technology services company. “The evolution of the threats are going faster than the countermeasures to keep up with them.”
With October tapped as cyber-security awareness month, the security experts are sounding the alarm bells. From identity theft, to viruses and scams, experts said, cyber attackers are taking advantage of new technologies in their quest to steal your personal information.
The most common cyber-attack is password-based phishing. According to the FBI, phishing-related attacks cost businesses $5 billion in 2017 alone.
“The biggest problem is when people just blindly click links and open up their systems or enter credentials they believe are to a website they think they’re going to,” said Detective Sgt. Jeff Hoffman, with the Michigan State Police cyber command center.
Jared DeMott is a computer security expert. He said he is seeing more sophisticated and personalized email phishing scams. One hacker recently sent him a spam email that said, “We’ve got video of you doing stuff last night, doing stuff on your computer. We’re going to release it to your wife unless you give us $3,000.”
In this scam, DeMott said, hackers revealed they knew one of his old passwords.
“It’s convincing, it’s scary. I think there’s a number of people who have fallen for that,” DeMott said.
Other threats lurk in the background. At the Michigan Cyber Security Conference, Michael Pearson dressed up in a black villain outfit and roamed around the back of a conference room with more than 500 information technology professionals.
“You can go to Starbucks, the guy sitting in Starbucks is not wearing this outfit. He’s not wearing a black hat,” Pearson said.
Pearson isn’t a real hacker but attended the conference to demonstrate how easy it is to obtain people’s personal information using a Wi-Fi pineapple. A Wi-Fi pineapple is disguised as a Wi-Fi network and automatically connects to phones.
“You can get a connection within 240 feet. I get all the websites you’re using in real-time and I also get your usernames and password. So, if you log into your bank or PayPal or whatever, I get your username and password in real text,” Pearson said.
Pearson said he was able to use his Wi-Fi pineapple to capture 309 SSID ‘s (Service Set Identifiers) in the room of about 500 people.
“Most people are doing their daily business walking through life oblivious to what people are doing around them,” Pearson said.
Experts say avoid all public Wi-Fi networks. They say only connect to a personal hotspot.
“Wi-Fi is the most dangerous thing we could be doing in our environment today because it’s hackable by anybody that is third-grader or older and has $200 to buy this device,” Pearson said.
For consumers and companies, cyber security should be top of mind.
“Virtually every entity has been hacked in one way or other. It’s just a question about how much data has been stolen,” said Phil Catlett, president of the Better Business Bureau of West Michigan.
According to the Identity Theft Resource Center, nearly 14.5 million records have been exposed in 2018.
Experts contend that West Michigan is especially vulnerable, in part because technology in the region generally has lagged behind other parts of the country.
“Churches, schools, smaller hospital systems – they’re all very vulnerable,” DeMott said. “They’re kind of the sweet spot for attackers, I think they’re going to go after them more this year, more than ever.”
The Better Business Bureau, which hosts an online cyber-security resource center, said failing to invest in cyber security is no longer an option.
“You have to hire and spend and pay attention to constant protection of privacy, constant protection of all your technical networks because if you don’t, it’s going to get out of hand really quick,” Catlett said.
Experts admit this reality remains.
“You can never be totally on top of this issue, anyone who claims they’re on top of security at any time is stretching it,” Catlett said.
A few security tips from the experts: