As 2016 draws to an end, time slows, as though the world becomes reluctant to let go of this year in favor the next. The steadily dwindling moments offer opportunity for reflection, a chance to look back at the way 2016 unfolded. At #cyberTuesday, January began with an Oscar Wilde quote, and an admonition to go forth and sin no more.
In February, we looked at cyber crime through the eyes of William Francis “Slick Willie” Sutton. Continuing the theme of sin and crime, the anniversary of the Lindbergh kidnapping provoked a look at the growing use of ransomware as March arrived.
In April, we revisited computer/psychopath Hal (acronym for Heuristically programmed ALgorithmic Computer) from the blockbuster film 2001: A Space Odyssey to examine the promise and threat of artificial intelligence. We followed that in May by using the Eric Burdon song Spill the Wine to discuss how much we may be inadvertently revealing of ourselves as our personally identifiable information (PII) is accessed and used.
In June, we took advantage of the good weather to visit Belleville Wisconsin, to offer a taste of cheese curds and a look at how an old computer server used to operate a family business could be infiltrated by Chinese hackers and deployed to attack targets around the world. Naturally that led to us continuing the food theme in July by reporting on litigation arising out of fast food restaurant chain Wendy’s announcement that it had misrepresented the magnitude of a breach it had suffered that apparently affected 1,025 of its restaurants.
The dogs days of August allowed us to turn to American baseball to look at the role insider negligence plays in cyber breaches. (Hint—it’s huge). Then, in September, we reviewed a proposal that requires banks, insurance companies, and other financial services institutions regulated by the New York Department of Financial Services to establish and maintain a cybersecurity program designed to protect consumers and ensure safety within New York’s financial services industry. Interestingly, the proposed cyber regulations contain a requirement that either the board of directors or a senior officer certify that the company is in compliance with the regulations.
As we entered October we used the origin of the term sabre rattling to look at how the Obama administration was contemplating a potential cyber attack on Russia in retaliation for alleged meddling in the U.S. presidential election, a story that continues to have legs. We followed in November by looking at the disconnect between what we say about cyber crime, and what we actually do to protect ourselves. Finally, in December, we used the marvelous Christmas movie Miracle on 34th Street to look at Yahoo’s ongoing travails stemming from being the victim of the two largest breaches in internet history.
Yes Virginia, 2016 did happen, and not having to rely on our memories allows us to chronicle the year relatively faithfully. We hope 2017 provides wonderful memories for all of you. Happy New Year!
By Tom Davis, SDI Cyber Risk Practice
December 27, 2016