On Security
(Posted on Wednesday, March 15, 2023)
Cybersecurity is typically categorized into five distinct types:
- Critical infrastructure security
- Application security
- Network security
- Cloud security
- Internet of Things (IoT) security
For this post, I would like to focus on a sixth category:
- Human or User security
According to the Identity Theft Resource Center, in 2022, there were over 1800 data breaches. While this is down slightly from the all-time high of 2021, over 400M users (people) were impacted by these attacks.
While many solutions on the market address different types of security services, breaches are still occurring at an alarming rate. When data breaches occur, our data can be exposed to those who do not consider our privacy, safety, and security. Bad actors can leverage our data to access platforms and services that can impact the organizations we work for and our personal lives.
So, what is user security? User security consists of the platforms that protect your organization’s users, endpoints, and online activity from correlating threats more efficiently. As users increasingly log in to networks via their own devices, securing those devices is as important as securing company-owned devices.
Securing users is as important as securing company devices. It’s a strong statement, and in my opinion, we have a long way to go to ensure the health of one’s digital identity within an organization and for people.
This is why we are building DFend: we believe a security layer focused on the user and the totality of a user’s digital identity is missing.
Why do I believe this? Starting in 2018, my iCloud was compromised. My iCloud was connected to all my personal and corporate devices, providing bad actors a way into my personal and professional life. This strategic backdoor caused a ripple effect in my daily digital life that lasted over 18 months before I knew the source of the breach.
If my digital life/identity had had a tool to detect deviations in my digital behavior, instead of monitoring and alerting after the crime had been committed, millions of users and I would have been able to address the breach in real time. This is another reason why we are building DFend.
To get my digital life back on track, it took a team of digital forensics, law enforcement, and legal experts to define the path to access my data and understand how and when the breach occurred.
In my forthcoming book, Privacy Pandemic, my team and experts discuss how organizations and their users should approach their digital security. The methods, services, and tools I had to learn the hard way are detailed as a guide for readers to develop a plan to defend their digital lives at home or the office.
As work from home has increased over the past three years since the beginning of the pandemic, users and their organizations have become targets like never before. Let’s take the recent breach of LastPass.
According to The Verge, LastPass says that a threat actor was able to steal corporate and customer data by hacking an employee’s personal computer and installing keylogger malware, which let them gain access to the company’s cloud storage.
Why is the LastPass breach important to organizations and their users? Over 100,000 enterprises and 33 million individuals use the LastPass platform to protect their digital devices. In 2022, the LastPass DB contained approximately 6.3 billion individual passwords and 19.1 million business passwords. Bad actors knew their targets and found a backdoor.
While my experience was nowhere near this level, we must protect our digital identities and devices. Gaining access to a device is why you always need to be cautious about who has access to your devices, no matter who they are.
Let me say that again, no matter who they are.
Stay Safe.
Chris
To learn more about Privacy Pandemic, please visit.