At a glance.
- What about this Metaverse, anyway?
- Toleration of data exposure?
- Why do insiders go rogue?
Is the Metaverse too Meta?
Last year, Meta (formerly known as Facebook) CEO Mark Zuckerberg introduced his understanding of "the Metaverse," a successor to the Internet as we know it, a new version of cyberspace coupled with virtual reality “where you’re in the experience, not just looking at it.” That sounds intriguing to some, menacing to others, but a recent survey conducted by NordVPN shows that Zuckerberg’s explanation might be a bit too vague, as 55% of Americans still don’t understand what a Metaverse is. Furthermore, 87% of respondents are concerned about how the metaverse could impact their data privacy, which is not surprising given that the Metaversal providers' recent data breaches and privacy issues do little to inspire trust in their cybersecurity practices. Still, 74% said they’d be willing to join the Metaverse, and given that Meta’s reputational problems have done little to impact Facebook’s popularity, this shouldn’t be a surprise. Seeing as 23% of respondents hope the Metaverse will help them “feel like a different person,” perhaps identity theft isn’t everyone’s greatest concern. ("Take my identity...please. In my other one I'm wise and powerful and good-looking and beloved..." But even given all the discount gnosticism of Silicon Valley virtual askesis, apparently about a quarter of humanity is with Samuel Goldwyn on this one: "Include me out.")
The hackers behind data exposure incidents.
The Identity Theft Resource Center’s annual breach report showed that 2021 set a new record for breaches. Data exposure events, in which organizations leave sensitive data unprotected online, were responsible for 164 million of the 294 million people compromised, despite the fact that cybersecurity experts are constantly urging companies to be more careful with their data. Once discovered by hackers, the booty ends up on underground hacker discussion boards like RaidForums, free for the taking or sold to the highest bidder. By taking an in-depth look at the rise and fall of hacker Ngô Minh Hiếu, a cybercriminal-turned-white-hat behind these breaches, ProPublica explores just how easy it is for teenagers with access to a few instructional videos to become experts at scouring the internet for unsecured data. The infamous hacker known as Pompompurin, responsible for posting millions of stolen records on RaidForums himself, told ProPublica, “It keeps happening because people commonly forget or they just think it’s private when it isn’t.” Furthermore, data from Cyentia Institute shows that it’s cheaper for an organization to clean up after a breach than it is to take the necessary precautions to prevent one, especially when consumers are usually the ones who bear the brunt of that cost.
What motivates insider threat incidents?
CIO Dive says that according to a study released this week by Ponemon Institute, more than half of insider security threat incidents are the result of employee carelessness – workers neglecting to secure devices, follow company security policies, or patch software. Remediation of these incidents costs up to $6.6 million annually, or nearly $500,000 per incident. Researchers Clay Posey and Mindy Shoss from the University of Central Florida interviewed over three hundred remote workers and found that in the vast majority of cases, the cause wasn’t malicious intent, but apathy. Employees say they broke company security protocols "to better accomplish tasks for my job," "to get something I needed," or "to help others get their work done." Advisory suggests organizations rethink their approach in order to preempt incidents caused by staff negligence. Recommendations include recognizing that stress can often drive employees to make a mistake or even intentionally ignore policy. Posey and Shoss suggest restructuring employee training to get input from workers who might see cybersecurity as a roadblock to productivity and to incentivize adherence to cybersecurity policies. Posey and Shoss also recommend that "managers must not only implement security policies specifically designed to protect against these sorts of attacks—they must also work to reduce the impact of these measures on employees' workflows, and clearly explain their rationale, in order to increase employee compliance."