If Jeff Bezos Can Be Hacked, How Secure is Your Business?
Investigation into who hacked Jeff Bezos’ phone reveals just how vulnerable corporate executives and business are to cyber-attacks.
Recent news revealing how attackers hacked into Jeff Bezos’ iPhone X to obtain his personal data was yet another reminder of how vulnerable corporate executives and businesses are to having sensitive data stolen.
Phones are the first line of defense to shore up, but extending security plans to every aspect of your operation is also critical. This is why so many executives are adopting a holistic approach to data security. After all, if the chief executive of Amazon can be the victim of a phishing attack, is anyone safe? Here’s how the Bezos case unfolded and some steps you can take to avoid data breaches.
Sheera Frenkel’s recent article in the New York Times showed that by opening what he thought was a message from Mohammed bin Salman, Saudi Arabia’s crown prince, (the two men had been communicating previously using WhatsApp) Amazon’s chief executive unknowingly unleashed, “a separate bit of code that most likely implanted malware that gave attackers access to Mr. Bezos’ entire phone, including his photos and private communications.”
Wired quickly followed with an article, which reported that the video that was attached to the message, “was likely loaded with malware” and that “The crown prince’s own account had been used to hack Bezos’ phone.” And Bezos is not alone.
Marriott Starwood Hotels, Aadhar, Exactis, LinkedIn, and MyFitnessPal are just of few of the organizations that have given up data on hundreds of millions of people through data hacks.
A recent Forbes article, which top-lined Verizon’s latest Data Breach Investigation, noted that there were “41,686 confirmed security incidents and 2,013 data breaches spanning 86 countries worldwide.” Forbes goes on to report that:
- “Financial gain remains the #1 driver of all data breaches.
- 40% of all breaches occurred at small businesses.
- Outsider threats remain dominant (69% of breaches) with insiders accounting for 34%.
- Cyber espionage represents 25% of all breaches with 96% of these attributed to state-affiliated groups or nation-states.”
With stats like these, it’s no wonder corporate executives are wondering who will be next.
Looking beyond the frequency of these cases is the stunning sophistication with which these security breaches are being carried out. Even with the help of high-tech solutions like Cellebrite UFED Ultimate, (used by investigators in the Bezos case to try and determine where the breach originated), tracing such breaches back to their source can be very difficult.
Rethinking Digital Strategies
As hacks into businesses and executive’s devices continue to rise in number, business leaders are completely rethinking the way they secure data across their companies.
Many are integrating the latest digital intelligence business solutions into their existing infrastructures to build robust platforms that provide complete end-to-end solutions for detecting and gathering evidence to prosecute those responsible for security breaches.
With proper training and the right platform, those investigating security breaches can download consent-based data gathered in the field to a central repository. Securing data in a central core allows it to be preserved in a forensically-sound manner that ensures personal privacy while meeting all compliance and governance laws.
From the core, data can then be managed and analyzed to produce actionable intelligence that can better protect individuals, businesses, and communities.
How this technology is marketed and to whom it is sold is also being monitored under the strictest guidelines to ensure it does not fall into the wrong hands.
Firming Up Your Digital Defenses
Clearly businesses and their executives need a strategy to prevent data thieves from picking their pockets, but they need not wait to bolster their defenses. Here are some basic steps businesses and individuals can take right now to thwart hackers and protect data.
- Outlawing or closely monitoring the use of personal devices on network systems, can prevent viruses and malware from infecting corporate servers.
- Businesses should implement MDMs (mobile device management platforms) that alert users if their device is being rooted or jailbroken. MDMs can also be leveraged to prevent certain kinds of access and they can prevent data from being synced with the Cloud.
- Be careful what you put on social media and in public forums. You may be putting a target on your back.
- Changing passwords on a regular basis and using codes that require two-factor authentication is an easy place to start.
- Finally, use common sense. Don’t just click on links, especially if you are on your mobile device, as this is where phishing is most likely to occur.
For a more in depth look at how to counter these types of attacks, watch my presentation at RSA last year.
Criminals understand the value of networks and partnerships to carry out illicit hacks. Alliances are equally important to businesses and individuals looking to harden their defenses against data theft.
By working in partnership with businesses and their executives, Cellebrite is helping to protect valuable data assets with unmatched digital intelligence solutions. That’s the kind of teamwork that’s needed to protect corporations and private citizens, and provide justice in criminal cases that build a safer world.
Learn more about how Cellebrite can help protect your business here.