Cyber risk turned cyber risque

By Erin Ayers on September 4, 2014

“What do we want? Your personal information and sense of privacy! When do we want it? Any time we feel like it!”

It really feels as though hackers are out there in cyberspace, chanting this rallying cry and there’s not much anyone can do about it, doesn’t it? Hackers cast their cyber nets wider every day, stealing data, and occasionally just wreaking havoc.

It’s this last bit that can become the biggest violation, as we saw last week with the vicious hacking efforts that sent dozens of private photos of celebrities into the public sphere.

Cyber risk just turned cyber risqué.

Except it’s no joking matter. One can insure against financial loss, intellectual property loss and even reputational risk, but it’s much harder to replace a sense of security once it is lost.

And for any consumer who has had a payment card breached, it’s generally a simple, if annoying, process of replacing the compromised card and moving on. There’s no claims process for having your online boudoir ransacked. For anyone suggesting, “oh, don’t put nude photos in the cloud and you won’t get breached!” – that’s reductive talk. If you put ANYTHING in a personal space, it should be secure and it’s up to society to get its act together and not create a leering, madding crowd for its publication.

The cloud appeared to be the most obvious suspect for a breach; however, Apple denied that its iCloud service had been breached. Instead, Apple suggested that individual accounts had been hacked, and speculation further suggested that it had been via a brute-force attack, with hackers using applications to plug possible usernames and passwords into accounts and “break” into them.

“After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved,” Apple said in a statement.

Brute-force attacks have been increasingly and unfortunately effective at prying personal data out of otherwise secure sites. Unless a site shuts down attempts to crack passwords after a set number of tries, the hacking brutes can access it. It’s even easier if the username and password have been hacked and obtained via those shadowy Internet channels.

So, at this point, it genuinely feels like we’re fighting a losing battle against the rising army of Internet trolls who also happen to have a bit of computer savvy. What’s the solution? At this point, even more secure technology and better authentication processes to head off brute-force attacks before they even get going would be a fine first step.


Erin is an editor at Advisen. She has 15 years of journalism experience. Prior to Advisen, Erin covered property-casualty insurance for 13 years as editor-in-chief of The Standard, New England’s Insurance Weekly. Erin is based in Boston, Mass. Contact Erin at eayers@advisen.com.