Here’s what I learned from my Harvard alumni about how to protect yourself from getting hacked
Cyber attacks are becoming so prevalent the best we can hope for is damage control - but a little common sense can help
It took just a few hours for England’s Football Manager, Sam Allardyce, to resign after he was secretly filmed offering his expertise to others. No one can accuse Yahoo of behaving so precipitously.
It took two years for Yahoo to reveal that half a billion customers have had their details hacked from its servers. If Yahoo can hide a major security breach this long, not only is “privacy” not worth the server it is written upon, but it proves that the hackers are still way ahead of the hacked. And if Yahoo themselves have only just found out about that breach, Marissa Mayer, the beleaguered CEO, has to go.
A recent panel on artificial intelligence at the Harvard Business School had the audience spellbound by the prospect of machine learning. It was exciting, for robots will soon be doing complex tasks like surgical procedures and driving cars. And it was scary, as swathes of labour will become redundant; a transformation unseen since the mechanisation of agriculture.
Classes at Harvard are noisy affairs; as knowledgeable, experienced and ego-filled alumni clamour to make their points. But one question stilled the class for a chilling second – the unknown depths of privacy, cyber crime and cyber warfare. The issue of hacking hangs over the digital age like a bad smell.
We have to trust the algorithms that drive the robots; those black boxes whose reliability is creeping into the high 90’s – a percentage a lot less fallible than humans. But what happens if they are hacked?
This is not unique to Yahoo. Many other technology giants, including Adobe, AOL, eBay, Google, LinkedIn and Verizon have all lost data. The US Department of Homeland Security and the Commission on Elections have also been compromised this year. If these guys can’t keep a handle on our data, what hope is there for the rest of us?
Taobao reported a recent breach, a rare example of data loss being reported in China. We seldom hear of breaches in Russia, or of governments, or of US military institutions. We must assume that those that we do hear about are the tip of the iceberg.
The US Presidential campaign is becoming entertaining; but less amusing was the release of emails obtained by attacking the Democratic National Convention – giving Donald Trump a chance to gloat. But not so fast Donald; Trump Hotels were hacked in 2014.
Some of the information leaks like Evernote’s in 2013 are huge, while others are just embarrassing. Medicaid lost nearly 800,000 medical records in 2012. Last week, Russian computer hackers, Fancy Bears, published private medical records of celebrity athletes like Serena Williams and Sir Bradley Wiggins, showing a fine line between cheating and the use of therapeutic drugs in sport.
It also spotlights how difficult it is to track cyber crime emanating from China, India and Russia. North Korea rides high in the hacking stakes, using it as a source of foreign exchange and a weapon of war. The North (operating through a Chinese Internet Protocol) was believed to have paralysed South Korean banks in March 2013. An alleged US attack in 2010 injected a malicious computer worm called Stuxnet into the Iranian nuclear power programme disguising itself as a series of accidents. Cyber attacks are a legitimate weapon of war – in peacetime.
For now, the most lucrative activity is to hack retailers like Home Depot, Wal-Mart, Wendy’s and Target and steal password data. Most of us use the same one for all websites. The simple advice to the super-smart Harvard alumni? – mix up your passwords.
The biggest vulnerability is the global banking system. All the major banks have been hit; Bank of America, Citigroup, HSBC, JP Morgan and Wells Fargo to name a few. Banks in the Eurozone report cyber-attacks to the European Central Bank in real time – but the ECB has also been attacked. Imagine the impact if several billion of dollars disappeared at the height of a financial crisis.
Globalisation of cyber crime means that the best we can hope for in Hong Kong is that the big corporations can keep one step ahead. We don’t have the expertise to protect ourselves; except to be constantly vigilant. Perhaps the only hope is that the huge amount stolen will be too difficult to hide – and even more difficult to spend.
Richard Harris is chief executive of Port Shelter Investment Management. www.portshelter.com