A common term in IT security is “high-value target” (HVT for short). Traditionally, high-value targets are where IT security professionals focus most of their attention, since they are the favorite targets of hackers. High-value targets differ by organization but include such information as credit card data, confidential company intellectual property or critical infrastructure weaknesses.
However, a recent trend shows that hackers are increasingly expanding their reach beyond high-value targets to other “low-level” targets as well. As a result, it’s more important than ever that organizations of all types and sizes make information security a top priority.
- Hospital Patient Data. A recent breach revealed that a medical care company had millions of patient records stolen. While individuals’ medical histories were not stolen, personally identifiable information (PII) was taken—names, addresses and Social Security numbers. That’s all a criminal needs to perpetrate identity theft. The reason this was so unusual was that the group that conducted the attack had previously only focused on industrial espionage (medical technology, new tech testing results, etc.), but they obviously felt there was money to be made by expanding their targets.
- Medical Records. While typically done on a much smaller scale than PII theft, medical record theft is a growing problem. Imagine how valuable a person’s full medical records would be to someone without insurance who needs expensive surgery. They could impersonate the person whose records—including their insurance info—were stolen. Those records also could be used to acquire prescription medications to which someone might not have access otherwise.
- Email accounts. While stealing email account information isn’t new (typically it’s been done to help send spam), it’s now become a big business. If the account holder tends to reuse passwords, it’s easy for hackers to infiltrate the victim’s other online information. Even if you don’t reuse passwords, many sites’ passwords can be reset solely by email, or by the information in your mailbox. Do you have accounts with iTunes? UPS? FedEx? Airlines? Wireless providers? Online retailers? Every one of those accounts can be sold directly or used to obtain free products or services. And is there anything in your mailbox of value? Information belonging to your company? Information that could be used to blackmail you? These are just some of the many reasons email accounts are continually hacked.
- Photographs. Yes, even photographs are being hacked. With publicly available facial recognition technology becoming more prevalent and accurate, hackers have been able to obtain a photograph of someone and use facial recognition to find matches on Facebook and other sites. This can give them a map of every location from which you have ever Tweeted or posted. This information, together with the other data it can lead to (or with an email account), can open up an amazing number of possibilities. So reconsider whether you really want to allow your devices’ location services to be used when you post on social media.
The lesson to be learned from these examples is that even small subsets of your personal information can be monetized by eager hackers.
So, how do you keep from becoming the next victim?
Protect your devices, protect your data and consider the consequences before you put information out into the world.
In my next post, I will discuss some simple steps that you can take to protect your data from these unusual theft methods that are becoming increasingly popular.