How annoyed are you when you find out you lost some cash? Whether it is a few bucks in your jeans pocket or that “emergency stash” under the mattress, losing that “cold hard cash” is a feeling that always twists your stomach. Sometimes you blame yourself. Sometimes you blame others. Depending on the amount lost, your emotions could range from the standard “how could I be so stupid?” to a profanity-laced tirade that is not suitable for print here.
Question: do you feel the same way when you experience credit card fraud? My instinct is that while you would feel some sort of violation and negative feelings, it’s just not “the same” as losing cash.
But there’s a chance. Also, you haven’t lost anything really “tangible” if you have just lost some purchasing power on your credit card until the fraudulent charges get reversed (yes, I accept that for some this is a bigger problem than others).
But you really begin to feel the hurt if you can’t get these charges reversed and you do have to pony up the cash to cover it. So, it comes back to cold hard cash again. And usually the only way we get our cash back is because of a Good Samaritan or divine intervention.
With that thought in mind, here’s my first 2018 cyber comment to you: treat your data like cash. My feeling is that most of us are treating our data like credit card fraud, hoping that we can get it back somehow.
I’m going to tell you that once your data is out in the wild, you should treat it as gone for good. Sure, you may come across some cyber Good Samaritan or get some much needed divine intervention, but really, your data is gone.
I find myself both chuckling and smacking my forehead when I hear “if you just pay the ransom, we’ll give you back your data and destroy all copies we have.” Okay, if you really want to believe the person that just ripped you off and extorted you (which by the way, you’ll probably never see in the flesh), fine, but that’s a personal problem I can’t really help you with.
That’s why I’m keeping this post short and simple, hoping that 2018 brings about a sea change on how we treat our data. Information is just another form of currency (arguably, the most valuable), which is why if you believe in the old saying “cash is king” then we should really start thinking “data is king” also.
Just start believing that once your data is compromised, it’s gone for good. This is the case of course unless you can verify that you have gotten all of it back and also verify no copies have been made and also verify that your data has not been tampered with. I believe we have enough evidence to show this is no easy task, so let me make this easy for you: just assume you lost some “cold hard data” in the process.
Let me wrap up with these last few words. There has been a shift in the last 18 months from the belief that cybersecurity is more about tech issues. This is a good step, even if it’s late to the game by a few years in my opinion. I also like that there have been some more frequent calls for a “cybersecurity culture change” in order to stop the data loss. Regrettably though, there has been little in terms of easy-to-explain-and-execute culture change.
That’s why I’m calling for data to be treated like cold hard cash. If we can burn that mentality into our minds, I think we’ll take a giant leap forward in protecting our data. Have a Happy 2018 full of good health, happiness, prosperity, and meaningful cybersecurity!
By George Platsis, SDI Cyber Risk Practice
January 9, 2018