Don’t let a data-driven serial killer run loose
Practising data and digital transformation advisor Naleen Nageshwar
In a matter of seconds, the perpetrator, the serial killer, accessed a wide range of current and historical data on millions of people.
Data that was relevant for the killer’s intentions.
He was able to zero in with a laser focus to frame his victims, one at a time, person by person.
While thinking about and strategising around your data potential, data security must be given top priority, not something to be considered later.
We’re all aware of how critically important it is to avoid being on the dark side of data.
Don’t let a serial killer armed with your data run loose in your organisation.
He accessed data such as phone numbers, home and office addresses, vehicle registration numbers, licensing, births, deaths, and marriages information, and the purchasing history of almost everything including people’s colour and style preferences, shoe size, dress size, shirt size, credit and income histories, bank details, and much more.
Today, mobile phone details including calls you made and received, data use, social media and website data further enrich the data they can potentially store for analysis.
Through Jeffery Deaver’s thrilling book we’re reminded, in a spine-tingling way, how vulnerable you are, way beyond your credit card and bank details, when somebody knows everything, well just about everything, about you.
When one of the main characters, on the good side of the law, is arrested on murder charges, the case is solid; there is no doubt he is guilty. Perfect.
Investigators find a whole lot of DNA and other evidence at the crime scene, and it looks a sure thing that the fate of the police detective is sealed.
But soon detectives discover that there was a series of murders and rapes where the accused, mostly respectable stand-up citizens, plead innocence and seem to have no knowledge of the crimes they are accused of.
But all of them have ironclad evidence against them. Again, the evidence is perfect. Too perfect.
It takes a long while, amid several tragic deaths of innocent folk, for the investigators to start wondering if these alleged perpetrators are in fact victims themselves, being framed for these murders.
Victims of identity theft and manipulation of the facts.
Your credit card details, you can keep them; there’s something way more sinister at work here.
Deaver’s book exemplifies the adage “Knowledge is power”. With data being said to be a most valuable commodity, the “new oil”, the “currency of today”, and with the ubiquitous call for migrating data capabilities to the cloud, digitising and digital transformations, and structuring and restructuring of business solutions to meet myriad challenges to survive, to be competitive and in particular to grow the business, it would at the very least be negligent for organisations to question the value of data security, irrespective of how it is deployed.
And then there’s cyber security.
In the 1999 publication, the concept of data mining, analytics, advanced analytics, and its more progressed and advanced capabilities data science, artificial intelligence as it’s come to be known recently.
The suspicion is that it was a means of knowing everything about the victims being framed.
The actual perpetrator, the serial killer, has access to a huge amount of data via a data repository and several access tools helping the killer with laser-like targeting of the victims being framed.
If you were to categorise the type of scam this was to steal your data, it could roughly fit under the term “spear phishing”, which targets specific individuals, typically those with privileged access.
You could loosely use the term for individuals as the end target, but its main objective is to target those with influence and access to user information, to the organisation’s ICT network, or to company funds.
A scammer will research the target, often found on social media, to create a message that appears to come from someone the target knows and trusts, or that refers to situations with which the target is familiar.
Then there’s whale phishing, a spear phishing attack that targets a high-profile individual, such as a CEO or political figure.
In business email compromise, hackers use compromised credentials to send email messages from an authority figure’s actual email account, making the scam that much more difficult to detect.
In the recent past this was attempted at a local company, authorising payments to a legitimate customer of the company with all the right credentials and banking details, and a genuine-looking invoice to boot.
The attempt was thwarted by an alert IT manager, but there is no way to know how many of these or similar attempts have been successful.
There are also the attacks known as angler phishing, where fake social media accounts masquerade as the official accounts of trusted companies’ customer service or customer support teams to influence the innocent user.
With all these names for phishing hacks, you can’t help but imagine some joker sitting outside the laggard data centres of Batman’s cave having fun with all this stuff.