The Facebook data appropriation by Cambridge Analytica is just the tip of the iceberg according to cybersecurity experts. In fact, our data is being culled from a variety of sources and our ability to stop it is essentially impossible. Did you know for example that our smartphones are always listening to us and culling our information, even when they are turned off? I didn’t.
In lieu of going completely off the grid, the best course of protective action from bad players, according to Chris Moschovitis, CEO, tmg-emedia, is having strong cybersecurity. Moschovitis has just written a seminal book on the subject titled, Cybersecurity Program Development for Business: The Essential Planning Guide, which is available on pre-order. It is a breezily written, accessibly explained guide that, he explains, “demystifies cybersecurity for people so they can understand what it is.”
I sat down with Chris and spoke to him about the potential risks, including IoT where even a smart toaster oven is listening in, as well as some practical actions we can take.
Charlene Weisler: Where are we today in cybersecurity?
Chris Moschovitis: We are nowhere near where we need to be. The best analogy I have heard is that cybersecurity is now where we were when seatbelts were mandated in the 1970s. If you recall, after a lot of research, there was a law passed that mandated the use of seatbelts in all cars. There was uproar and a lot of resistance; It was interfering with my pleasure and personal freedom. Now we don’t even think about it. We get into our car and buckle up.
In cybersecurity we are now in the seat belt era where there is still resistance. Some people don’t understand why they need to pay attention to cybersecurity and may resent the fact that they now have to deal with one more technology problem. But it is not technology. It is risk management. So as a result they are ill-prepared, driving their car without seat belts. This is deadly. You see data extricated everywhere. People use free services where they are the product to be sold as in the case of Facebook and Cambridge Analytica where they are harvesting your data and selling it.
Charlene Weisler: And beyond your own data - your friends’ data.
Chris Moschovitis: Absolutely. That is the beauty of all of these free services. They harvest your data and all of your connections’ data. They also harvest your geolocation data, behavioral data, they know what time you get up, they know what time you go to bed, they know what you buy, what you like and dislike, your political affiliations, drug issues, sexual preferences, everything that you can possibly imagine. They know more about you than potentially your friends and family know about you.
Charlene Weisler: So left unchecked, where can this lead?
Chris Moschovitis: This leads to the elimination of privacy as we understand it, even at the most elemental level. If you are good with that idea, fine. But if you are not good with it them you have to start regulating it, whatever that means. And this is a lot harder than it seems.
Charlene Weisler: I never knew that my smartphone was always in use when I was carrying it around.
Chris Moschovitis: All smartphone sensors are in use all of the time. Therefore they can record all of your information. They know your geolocation because they have a GPS capability. They know everything about you. There are several phones that even when you physically turn them off, the phone is not really turned off. It can be reactivated, it can be hacked and reactivated remotely, cameras and microphones can be turned on, even though the phone is off. The only sure way to know that a phone is off is to remove the battery and that is becoming increasingly difficult now. In many phones the battery cannot be removed. So if you plan to have a private meeting and discuss things that are confidential, all of those devices need to be out of the room. Alexa, computers, phones and even wearables.
Charlene Weisler: What are your views on the Internet of Things?
Chris Moschovitis: I have a love/hate relationship with IoT. I love the facilities and the prospects of the wonderful services I can get through it but I am also concerned that the many of the manufacturers of devise in IoT do not consider security or consider it as an afterthought. So then you have products flooding the marketplace that don’t obey standards, are not up to date, they don’t have cybersecurity integrated from the design, security retro-fitted and potentially ill-fitted so they become easy targets for hackers and they can be used for very destructive ends.
Charlene Weisler: What can a media company do to best prepare for the future?
Chris Moschovitis: My advice to anyone is to understand how critical cybersecurity is to their existence. In the absence of cybersecurity, all of the assets that you have, all of the assets that you create are at risk. No matter what the size of your company is, you have to develop an actively managed cybersecurity program that is right for your business. There is no one size fits all solution. It needs to be custom fit for your risk appetite, for the type of assets that you have and for the type of threats that are coming your way.
This article first appeared in www.Mediapost.com
This article first appeared in www.Mediapost.com