20 Feb 2017

What Has a Longer Aftertaste: Colorado Brownies or Russian Forged Cookies?

When the politicians in Colorado legalized cannabis, we all learned about the after effects of Rocky Mountain brownies – but the calories and cannabis burn off after a few hours.

What about Russian Forged Cookies? While these “cookies” are tasteless, they have long-lasting after effects that can be costly.

What is an HTTP cookie? An HTTP cookie is a small piece of data sent from a website and stored on your computer, used by websites to remember and record your browsing activity – or remember your username and password stored in your browser.

What is a Russian Forged Cookie? A Russian Forged Cookie is an HTTP cookie created by a hacker in Russia that masquerades as an authentic Yahoo cookie – and in this case, the Yahoo cookie that remembers your Yahoo Mail username and password for you.

It turns out this Russian Forged Cookie has an aftertaste that lasts for years — souring in the mouths of Yahoo shareholders to the tune of $250 million, the reported reduction in the price Verizon will be paying to acquire Yahoo as a direct result of the attacks coming to light.

Cybersecurity Has No Political Affiliation

While we often talk about political influence in security regulations, Russian hackers, and high-profile government hacks, cybersecurity really is apolitical. It impacts large and small businesses, men and women, Democrats and Republicans. Recent news headlines may focus on the politics surrounding hacking and protecting against politically motivated cyberattacks, but cybersecurity has been and will continue to be equally important for all individuals (who use computing devices) and all businesses.

We have discussed how homebuyers have been lured into wiring down payments to cyber criminals (see recent article). (If this concerns you, try RPost’s Anti-Whaling email imposter protection.)

We have also discussed the reputational cost to big business (e.g. Yahoo). Cisco’s Annual Cybersecurity Report discusses the cost to small and mid-sized businesses: once it becomes known that the company was hacked, many report either a 20% reduction in revenue or a 20% reduction in customers.

Once the regulators (back to politics) weigh in, the costs can skyrocket. For example, if a US company is doing business in Europe, under the General Data Protection Regulation (GDPR), authorities may impose fines of €20 million or up to 4% of global annual revenue, in certain cases of serious breaches of the Regulation.

Hollywood Moves In. Christian Slater: The New Face of Cybercrime?

Maybe the new face of cybercrime has started to change – from shadow government operatives to Hollywood A-listers. HP released a four-part video series called “The Wolf” featuring Christian Slater as the human embodiment of cybercrime. In one video, Slater encourages an employee to print a gift certificate sent from an unknown email address. In another, he traipses through an office late at night, loading malware onto computers. HP hopes to draw attention to the risk of cybercrime via unsecured printers as well as desktops and other devices. The videos are certainly entertaining yet are also surprisingly insightful, bringing to life (with technical accuracy) the often underestimated dangers cyberattacks pose to every business.

Our Recommendations?

Cybersecurity decisions should not be made by the IT department alone, nor should they be made exclusively by the executive suite. We suggest that corporations involve their executive teams, alongside IT staff, in the process of evaluating and improving security practices and investments in new technology. This matters so that IT has the budget to protect the company, and executives understand the real (financial and reputational) cost of a successful hack.