Blog / The Needle in a Haystack – Why don’t we hear of more lives ruined by Cyber Security Breaches?
One of my hobbies is restoring old radio equipment, especially the ones with vacuum tubes. For the Millennials in the group, tubes were used in radio gear before transistors – and again, transistors gave way to integrated circuits, which we commonly call chips or CPU‘s. Of course, they’re the brains that power everything from our Smartphones and computers, to the Cruise Control in our cars.
Back to the tubes. Critical parts of the radio circuit are Resistors. They are tiny components that look like big grains of rice and help regulate the current that flows through the tubes. Resistors have colour-coded bands that identify their particular value. I have boxes full of spare resistors; maybe 20,000 in total, but only a few of some values.
Still with me? About 6 months ago, I was hunting for a particular value and I thought I only had one or two of them. In my haste to find the right one, I dropped the box. Thousands upon thousands of resistors were scattered on the carpet in my workroom. I was down on my hands and knees for about an hour looking through the resistor mess, trying to find the right one. It would have made for a ridiculous YouTube video.
Data breaches are now an everyday occurrence. The news is filled with reports about corporations – large and small – being hacked, and how the information in their care and control has been potentially stolen. Email addresses, passwords, credit card numbers – even Social Insurance and Medical Records – are all out on the Dark Web to be bought and sold to the highest bidder. A quick count of some of the more recent and noteworthy breaches put the count at close to 1 billion records compromised.
We are becoming desensitized to these reports, and are starting to accept that our personal information is not safe. And technically, it’s not. Armed with some or all of this Personal Information, a resourceful hacker can do your personal reputation serious damage; create false bank accounts, obtain loans and credit cards in your name, apply for all sorts of nefarious accounts, and visit questionable websites. Your digital name could be mud in a very short period of time.
So, given the number of records stolen and the potential damage hackers could inflict, how is it we don’t hear about more instances of lives being ruined by false digital identities and hackers gone wild? With a billion records compromised, we should hear of thousands of False Identity Reports. But we don’t.
Maybe the answer is: it’s not that easy.
Before you read on, my disclaimer is that I have no documented evidence that my musings are accurate. They’re just my way of applying common sense to this contradiction.
We have this notion that hackers are all-knowing and powerful; the image of a Geeky Evil Emperor comes to mind for many people. With a wave of their programming hand, they wreak havoc on unsuspecting millions. Not so! They’re as lazy and disorganized as the rest of us, maybe more so.
Consider this example: Through their activity, a hacker gains access to a closed system that contains millions of records from a hotel chain; Guest’s name, address, phone number, license plate number of their car, and perhaps credit card and loyalty card information; all of the things a Registered Guest would give the hotel. The stolen information typically comes in the form of a data dump from the hotel’s information system. Think of it as one or more massive spreadsheets of data. Sometimes the information is coordinated and orderly; but most often, its a jumble of separate tables with numbers and cryptic cross-references. It is no small task to sort and relate the data, so it becomes usable information. It could be hundreds of hours of work.
But let’s assume through either luck or hard work, the information in the hacker’s hands is usable; a nice, neat spreadsheet with each row a complete record of each Guest’s stay and personal information. Now what?
To make practical use of the data – a bogus charge on your credit card for example – the hacker needs the card number, name, expiry date, and the 3-digit code on the back of the card. It’s the last piece of information that’s tough to get. If the Guest checked-in in-person, it’s not recorded. If they reserved online, it’s not recorded. It’s only if they paid online that the information is taken, and then it’s not usually stored in the hotel’s database. But they’re not finished; modern database design usually means that critical (credit card) information is stored in an encrypted format, so the hacker has to decrypt it to see the proper numbers.
But, let’s assume they have all of the information and attempt to process a charge and make a purchase. The credit card company’s systems are designed to look for suspicious activity that doesn’t fit your purchasing patterns and deny the purchase. Many bogus purchases are prevented with these systems.
And there’s another built-in protection of sorts. It’s the shear number of records stolen. Cyber Criminals have millions upon millions of records to sort through and the chances of them picking you are about the same odds as you winning the lottery. So, perversely, the more records stolen, the better your odds at not being chosen as the hacker’s target.
You’re just a needle in the haystack – or a resistor in the pile on the floor.
Of course, none of this is an excuse to be lackadaisical about Cyber Security and protecting your information. But many times, you don’t have control of your information or how corporations and government agencies protect it. So practice safe Cyber Security: changing passwords, monitoring financial accounts for suspicious activity, and rejecting requests for extra information gathered by websites or companies you deal with. But if you become a resistor in the pile on the floor of the hacker’s workroom, it might not be the end of the world.
If you would like more information on stress-free Cyber Security, please contact me or your Account Manager at TRINUS.