We all have friends whose Facebook accounts have been hacked, or friends who have received emails demanding a ransom to prevent the release of personal information.
Recently, a close friend admitted that he was the victim of a SIM-swap scam. A hacker gathered enough of his personal information to move his mobile number to another device. With that, the hacker gained access to my friend's Gmail and banking info and began transferring money to other accounts.
I used to think these were isolated incidents that only affected people who picked terrible passwords, such as "123456," the dog's name, their birthday or, simply, "password."
But my friend is smart — and careful — and he did all the right things. All at once, the notion of living off the grid in one of those tiny homes you see on YouTube was quite appealing, as I was overcome by a sinking feeling that no one is really safe.
According to CDK Global's latest Dealership Cybersecurity Study, 85 percent of IT employees said their dealership was the victim of a cybersecurity incident within the previous two years, while 67 percent said they were confident in their cybersecurity measures before the incident.
That's an utterly terrifying statistic. But why does it seem as though we're just now hearing about the breadth and scope of the problem? The short answer is that, for whatever reason, the affected companies don't go around flapping their gums about it. It's "taboo," said Hassan el Bouhali of Toronto-based foam manufacturer Woodbridge Group. He used a November industry conference to publicly share his company's experience with a ransomware attack.
My friend didn't want to talk to many people about the SIM-swap scam because he felt embarrassed and even ashamed. The really sickening part? Data-breach activity is increasing and might not be preventable.
What's ironic, as Alanis Morissette might sing, is that this realization could be the way out. In simple terms, imagine being told that a staff member was going to quit work today, but you don't know who. Your response might be to bring in extra staff or work out some other contingency plan.
Being terrified isn't much of a plan for a data breach, nor is doing nothing, but if the "aha!" moment is realizing that a breach is inevitable, you have a chance to control the outcome.
That response — a plan — will vary from business to business, but the first step is to admit the inevitable. The next will be to know whether the plan can be hatched internally or whether it will need to be outsourced.
"I strongly believe that manufacturing companies ... will never be able to staff enough cybersecurity resources internally," said el Bouhali.
Another admission. Another epiphany. Another step closer to not becoming a victim.