Todd Davis, the CEO of LifeLock, had his identity stolen at least 13 times after he posted his Social Security number on several billboards in 2010. His goal was to show how secure his company was, that it promised precisely to protect identity theft users. This is the example that Brian Grayek, a cybersecurity expert with more than 40 years of experience, uses to explain why he never provides his age and place of birth —not even in interviews.
“With just four pieces of information about me, they can impersonate me,” says Grayek, who is director of information and cybersecurity for the company REDW and has been part of security incident investigation teams that have involved the FBI and the Secret Service. from United States. It refers to his name, date and place of birth and his place of residence. Immediately afterwards, he takes his wallet out of his pocket and takes his credit card: “If someone steals it from me, I could only use it a couple of times because I would call my bank to cancel it. But I can’t change my driver’s license or my social security number.” With this and other personal information, “they can impersonate me and apply for a credit card or bank loan.”
The number of cyberattacks does not stop growing, as Grayek points out in an interview conducted at the CyberFit Summit 2022, an event organized in Miami to which EL PAIS was invited by the cybersecurity company Acronis. “How many doors do you see here?” he asks as he points to a hallway with about 20 doors. “Imagine that some go to Spain and others to the United States, Brazil or France. Hackers don’t care about that, it doesn’t matter where you are because what they are looking for is just an open door”, he comments. With the COVID-19 pandemic and the rise of teleworking, “there are more doors open than ever”: “I don’t know if people are using technology more, if we are becoming more blind to how things can happen or if they are getting more advanced ways of getting our information.”
A ransomware attack every 11 seconds
The ransomware it is the main threat that organizations face, according to the cybersecurity company Acronis. It is a malicious computer program that blocks access to files hosted on a server until a ransom payment is made. Cybercriminals use this type of attack to extort money from companies, governments, and organizations. “It’s the worst problem we have today,” says Grayek, who has also spoken at many security events around the world, including at the White House.
An attack of this type occurs every 11 seconds, as indicated by Acronis. In May 2021, one of the largest oil pipelines in the United States suspended operations after suffering one. In Spain, victims have been the Higher Council for Scientific Research (CSIC), the Moisès Brogg Hospital in Barcelona, or the Navarre Municipal Information Technology Association, a public company that manages the online services of 179 entities in the Foral Community. In any of these cases is it advisable to pay cyber attackers? “It’s complicated,” Grayek replies. The expert maintains that it depends on where you are and if you have a backup copy of the files. In the United States, “if I pay hackers and they are connected to a terrorist organization, my company can be sued and thrown in jail.”
The risks of paying a ransom
“I have worked with the FBI on several occasions and they always say that it is best to consult them before doing anything, since they have a list of hackers and they know which ones can be trusted,” he says. When companies decide to pay ransom for files, sometimes their plans don’t go as planned. Nearly 40% of victims who pay a ransom never get their data back, and 73% are hit again later, according to Acronis.
This type of situation could be avoided if you have a backup. “Businesses know that the number one way to get hurt is ransomware, but how many are backing up their stuff correctly? Very few”, says the expert. He likens it to “playing Russian roulette betting you won’t get hurt”: “Would you point a gun at your head without knowing if there’s a bullet in it? That’s what companies are doing every day.”
Although the ransomware is the biggest threat to businesses, there are other attacks that could have devastating consequences. “What do all our mobile phones have in common with computers? Lithium batteries, which if they get too hot, can explode,” says Grayek. In fact, he claims to have witnessed demonstrations that it is possible to do it through a cyber attack, so “it’s going to happen sooner or later.” “If they manage to set a computer on fire at night, when no one is working, they could burn down an entire building. In other words, they are not only going to hack into the computer and get the information, but they can blow up the company later, ”he concludes.
You can follow THE COUNTRY TECHNOLOGY in Facebook Y Twitter or sign up here to receive our weekly newsletter.
Source: EL PAIS