We all have friends whose Facebook accounts have been hacked, or friends who have received emails demanding a ransom to prevent the release of personal information.
Recently, a close friend admitted that he was the victim of a SIMswap scam. A hacker gathered enough of his personal information to move his mobile number to another device. With that, the hacker gained access to my friend’s Gmail and banking info and began transferring money to other accounts.
I used to think these were isolated incidents that only affected people who picked terrible passwords, such as “123456,” the dog’s name, their birthday or, simply, “password.”
But my friend is smart — and careful — and he did all the right things. All at once, the notion of living off the grid in one of those tiny homes you see on YouTube was quite appealing, as I was overcome by a sinking feeling that no one is really safe.
It’s actually worse than that. Much worse. According to one of our recent stories, 88 per cent of Canadian businesses “have suffered one or more breaches in the past 12 months due to external cyberattacks.”
That’s an utterly terrifying statistic. But why does it seem as though we’re just now hearing about the breadth and scope of the problem? The short answer is that, for whatever reason, the affected companies don’t go around flapping their gums about it. It’s “taboo,” according to the story. My friend didn’t want to talk to many people about the SIM-swap scam because he felt embarrassed and even ashamed. “I feel violated.”
The really sickening part (as if this already wasn’t sickening enough)? Data-breach activity is increasing and might not be preventable.
Ironic, as Alanis Morissette might sing, is that this realization could be the way out. In simple terms, imagine being told that a staff member was going to quit work today, but you don’t know who. Your response might be to bring in extra staff or work out some other contingency plan.
According to our story, being terrified isn’t much of a plan for a data breach, nor is doing nothing, but if the “aha!” moment is realizing that a breach is inevitable, you have a chance to control the outcome.
That response — a plan — will vary from business to business, but the first step is to admit the inevitable. The next will be to know whether the plan can be hatched internally or whether it will need to be outsourced.
“I strongly believe that manufacturing companies ... will never be able to staff enough cybersecurity resources internally,” said Hassan el Bouhali of foam manufacturer Woodbridge Group.
Another admission. Another epiphany. Another step closer to preventing becoming a victim.