When the Witch of November Comes Stealin’

The legend lives on from the Chippewa on down
Of the big lake they called ‘gitche gumee’
The lake, it is said, never gives up her dead
When the skies of November turn gloomy

Canadian singer/songwriter Gordon Lightfoot’s iconic ballad, The Wreck of the Edmund Fitzgerald, tells the story of the ill-fated last voyage of one of the huge cargo ships that ply the treacherous waters of the Great Lakes. The ship went down in Lake Superior, during a vicious November storm, when swells reached thirty feet and the wind howled at nearly 100 mph. Thus, the song makes many references to the month, including “And every man knew, as the captain did too, ‘Twas the witch of November come stealin’.

The witch of November clearly has not lost her appetite for stealing. The Toronto Sun recently reported that cyber thieves had stolen the identity of 4,500 recreational users of cannabis in Ontario. Not reported was the number of those victims who cared. But customers of Cathay Pacific Airlines surely cared when the airline reported that a hacker accessed the personal information of 9.4 million of its customers.  In what is to date the world’s biggest airline data breach, passports, addresses and emails were exposed.  When the Hong Kong-based airline disclosed the breach its shares sank immediately, cutting $201 million off its market value. Multiple state and local governments in the United States have suffered extortion attacks, and reports of major breaches in Australian defense and Pakistani banking are making the rounds. We can all agree it’s a bit of a mess out there, but what is one to do?

Well, if the goal is to avoid being hacked, one could do worse than to adopt some of the lessons from “The Motherboard Guide to Not Getting Hacked.” In introducing the guide, Motherboard admits right up front not getting hacked is a challenge, saying, “One of the questions we are asked most often at Motherboard is, ‘how can I prevent myself from getting hacked?’” Because living in modern society necessitates putting an uncomfortably large amount of trust in third parties, the answer is often “not a whole lot.”

It recommends keeping apps up to date, and using password managers along with multifactor authentication, all basic steps that everyone agrees make sense, and far fewer actually do. But it also offers advice on encrypted messaging, data broker websites, and sexting (whatever that is). The advice is well worth a read, and if your read turns to action, your vulnerability will be reduced.

By Tom Davis, SDI Cyber Risk Practice

November 13, 2018