At least 21 million Social Security number have been exposed in the second hack of the federal government. The first hack happened last month and exposed a separate 4.3 million Social Security numbers. The hackers also had access to 1.1 million sets of fingerprints as well as other sensitive information such as addresses, drug and criminal history, financial history, etc.
Following this news, Mike Smart, Security Strategist, Proofpoint discusses whether normal people should be worried about such attacks.
Mike Smart, Security Strategist, Proofpoint :
“Organisations of any size are a target to advanced attacks. These recent examples remind us there is always a risk that an attack will get through despite our IT security investment and best efforts. To be able to find a breach and respond to it quickly should be a key focus area for us all. It is widely regarded that vast majority of targeted and advanced attacks start with email, Cyber criminals are able to research their targets and craft emails to the right audience, with the right subject matter and send at the right time.
Research reported in the 2015 edition of Proofpoint’s annual cybercrime report, the Human Factor*, suggests that at least one in every twenty-five recipients of this email will click and fall victim to the attack.
At minimum, existing defences need access to real-time threat intelligence to ensure that have the very latest protection as user open emails and click on links from anywhere on any device. In addition, organisations should look towards new defenses that can provide quicker detection and visibility post-infection.”[su_box title=”About Proofpoint” style=”noise” box_color=”#336588″]Proofpoint Inc. (NASDAQ:PFPT) is a leading security-as-a-service provider that focuses on cloud-based solutions for threat protection, compliance, archiving & governance, and secure communications. Organizations around the world depend on Proofpoint’s expertise, patented technologies and on-demand delivery system to protect against phishing, malware and spam, safeguard privacy, encrypt sensitive information, and archive and govern messages and critical enterprise information.[/su_box]