Building on its predecessors — from federalized mail to telegrams to telephones — the internet ushered in a new era of connectivity and efficient communication, joining disparate parts of the world as never before. This newfound and nearly unbridled access to what is known as the digital town square inevitably attracted unscrupulous actors keen on targeting the unsuspecting for illicit financial gain. Efforts to counter this pervasive and unrelenting scourge, which can range from email spam to highly sophisticated state-sanctioned operations, are collected under the catch-all term “cybersecurity.” And everyone can use more of it.
With cybercrime on the rise, internet denizens should operate under the maxim “no one is immune to a cyberattack.” Importantly, even the most diligent are unable to control the people or companies with which they interact. Island residents got a taste of that uncertainty last month when Hawaiian Airlines experienced what it called a “cybersecurity event.”
On June 26, the airline issued a news release stating an undisclosed incident or intrusion had impacted unspecified “IT systems” on its network. Wording in a post to Hawaiian’s website suggests the breach was siloed to data stores and, luckily, no critical flight operations were affected.
Appropriate authorities were notified and efforts were made to restore impacted services. About three hours after the initial release, a second announcement emphasized that the guest travel side of the house remained operational, and included promises to update customers with additional information as it became available. And that was it.
Two weeks later and Hawaiian has not provided a follow-up advisory, nor has the company detailed what systems were targeted and what data, if any, was compromised. It is a lack of transparency that leaves customers in the dark, and fails to hew to modern cybersecurity disclosure standards that primarily protect consumers. Compare the response to those of airlines Qantas and WestJet, both of which were also hit by recent intrusions bearing hallmarks of hacking group Scattered Spider. Qantas immediately informed customers of the breach and posted regular status updates, ultimately concluding that the personal information of 5.7 million customers was compromised. Similarly, WestJet offered regular updates on its dilemma to customers and the press.
While users can do little to protect themselves from corporate-level breaches, they are able to take control of and minimize their digital footprint. This can involve anything from reducing exposure to email lists, to actively safeguarding personal information through paid security services. But everyone can start with these basic guidelines:
• Be aware. Understand that online threats are prevalent and constantly evolving.
• Be skeptical. Always question the validity and origin of emails, text messages, notifications and other correspondence. Any request for personal information should raise one’s hackles.
• Be vigilant. Never let your guard down. The Federal Trade Commission’s consumer advice webpage (visit consumer.ftc.gov) contains a wealth of information on how to spot and avoid online fraud, scams, vulnerabilities and more.
Extending the town square analogy, users can and should follow the internet community’s unspoken social contract and extend assistance to others, particularly those who are less tech savvy. Doing so not only protects individuals from falling prey to attackers, but can also shorten cycles of victimization by making a certain method of exploitation obsolete. Simply spreading awareness is an effective countermeasure against common attacks.
Ultimately, online security boils down to user behavior — conscientious data management reduces risk. And the first step is recognizing that risk exists.
Source: The Garden Island