Bryan Hjelm

About Bryan Hjelm

Bryan has more than a decade of experience in the technology industry. In his lead role at CSID, Bryan focuses on identity protection, fraud detection, privacy and information security products and technologies. He also closely studies how personally identifiable information can lead to identity theft, privacy concerns, and shape our online reputations.

CSID Bolsters Social Media Monitoring Product to Help Keep Children Safe Online

September 20th, 2016 | Company News, Online Safety

Today, we’re pleased to announce that our Social Media Monitoring product now includes child-monitoring services. This important addition, which can be rapidly deployed and customized through our Identity Management Center (IMC), lets our partners enable subscribers to monitor privacy and reputational risks, cyber bullying, weapons references, and sexual predator activity for their child’s Facebook, Twitter, and Instagram accounts.

Ninety-two percent of teens go online daily. Ninety-one percent of these individuals share photos of themselves, and 71 percent share the name of the city or town in which they live. It’s more important than ever for parents to be vigilant of the security risks facing their children across social media. Not only can a child’s social media activity put them at risk for identity theft or fraud, it can also impact his or her future success. In fact, 35 percent of admissions officers reported that when checking on a student’s online presence, they found something that negatively impacted an applicant’s chances of getting in, a figure that has nearly tripled from last year.

Here’s what CSID President and Co-Founder, Joe Ross, had to say about the news:

In today’s world where children and teens are constantly connected, they may be sharing information that puts them at risk for identity theft, reputation damage, or worse. The new child monitoring services added to our Social Media Monitoring product will allow businesses to provide subscribers peace of mind, knowing that they’ll be alerted if their children are sharing any information or engaging in activities via social media that puts them at risk.

For more information on CSID’s Social Media Monitoring product, visit https://www.csid.com/socialmonitoring/ and to stay up to date with all CSID news, be sure to follow us on Facebook, Twitter and LinkedIn.

SYNful Knock and a New Age of Phishing

September 21st, 2015 | Uncategorized

Earlier this week, Reuters reported that security researchers uncovered a new malware strain called SYNful Knock, targeting Cisco routers. Once installed, SYNful Knock gives cyber criminals the ability to harvest data being shared via the router without being detected. The malware has already been found on a handful of Cisco routers in four different countries.

While reports of breaches and data theft are commonplace these days, the SYNful Knock malware stands out for one key reason – affected routers were compromised not because of a security flaw in Cisco’s software but because cyber criminals secured the login credentials of key network administrators to install the software.

We’ve long espoused on this blog that employees are always going to be the weakest link in any security system. There will always be an employee that reuses easy-to-remember passwords across multiple logins. There will always be an employee that gets tricked into downloading an infected file or tricked into clicking on a malicious link through a phishing scam. If you want better cyber security at your business, employee education is the place to start.

This is even more evident when you look at the Cisco router story. In the past, cyber criminals focused on quantity over quality – send out 100,000 phishing emails and hope that a handful of recipients fall for the scam. We are seeing a move away from this and a move towards cyber criminals focusing on specific high-value targets, targets like employees that have network administrator-level credentials. Cyber criminals are using social media sites like LinkedIn to identify key personnel that may have administrator access to a system. They are then researching these individuals, often on social sites like Facebook and Twitter, to collect personal information – information that can be used for a customized phishing email or to answer standard password reset questions. In the case of the Anthem breach, cyber criminals used this tactic to secure logins for five Anthem employees. One of these five employees had administrator-level credentials. That’s all it took for cyber criminals to access more than 80 million customer records.

Compared to Anthem, this week’s Cisco router news seems pretty unimpressive. But it is a story that serves as a cautionary tale of what’s on the horizon for business cyber security and employee vulnerability.

Have tips on how to educate employees on password best practices? Weigh in on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

The Rising Cost of Data Breaches

August 20th, 2015 | Breach, Business Security, Uncategorized

Earlier this week, Target struck a deal with Visa to reimburse thousands of financial institutions around $67 million for costs resulting from the company’s 2013 data breach. These costs included reissuing credit and debit cards and handling an increased number of customer inquiries. Target is expected to reach a similar deal with MasterCard.

Target’s Visa settlement is an interesting one. Historically, credit card companies and banks have considered reissuing cards and removing fraudulent transactions from consumer accounts a cost of doing business. This mentality is rapidly changing as high-profile, high-impact data breaches continue to occur.

Businesses are finding there is no escaping the increasing threat of data breaches and associated costs. A May 2015 Ponemon study found that the average cost of a data breach increased to $3.8 million this year, up from $3.5 million in 2014. These costs include the obvious ones – IT personnel to address the security flaw that led to the breach, hiring customer service representatives to address customer concerns, costs associated with notifying and providing identity protection to impacted individuals. There are also some not-so-obvious costs like lost revenue, class-action lawsuits and resignation of key employees.

It’s not all doom and gloom for businesses when it comes to data breaches. The same studies that look at the cost of data breaches have also found there are ways to minimize these costs:

  • The Ponemon study found a relationship between how quickly the business identifies and contains the breach and its financial consequences. The longer it takes a company to identify a breach, the more costly it will be to resolve.
  • Ponemon also found that business continuity management plays a key role in reducing the cost of a data breach. Having business continuity management involved in the remediation of the breach can reduce the cost of response by an average of $7.10 per compromised record.
  • Lost customer revenue is often the most severe financial consequence for a breached business. Businesses that plan ahead and have a clear customer response plan in place prior to being breached fare better than businesses that don’t. Identity protection should be a part of any customer response plan.

With the constant influx of new security threats and vulnerabilities, businesses need to be prepared to respond to and address these threats, and as data breach costs continue to rise, the stakes become even higher. Focusing on security, implementing business continuity management and having a breach response plan in place can take a bit of the edge off the financial sting of a breach.

Do You Know Who (Or What) Your Friends Are?

November 7th, 2011 | Uncategorized

With more than 800 million users worldwide, Facebook has become the de facto standard in social networking platforms. One of its most important features, the ability to quickly and easily scan whether or not you know people by looking at common connections, has expanded networks across the entire world. You all know this already… but how many of you know which of your friends (or your friends’ friends) are real people?

In a recent study conducted by the University of British Columbia in Vancouver, Canada, researchers attempted to demonstrate that Facebook could be easily penetrated for malicious purposes: collecting users’ data. The University of British Columbia experiment introduced 102 “socialbots” – effectively, simulated Facebook users complete with pictures, quotes, and status updates – to make friend requests, and then parlay those associations into deeper ties with their new friends’ connections.  The socialbots made random requests to Facebook users, and within six days of their introduction to the social networking site, had received acceptances from nearly 1,000 users.

In turn, the bots continued their effort to make new connections and began sending friend requests to the connections of their new “friends”. The results appear to show that these recipients, seeing a mutual connection, accepted the request from a cyber-user: requests were accepted 59.1 percent of the time.

Over the length of the experiment, the UBC socialbots collected valuable Personally Identifiable Information (PII), including date of birth, email address, and physical addresses, from more than 3,000 Facebook users, equating to approximately 250 GB of data. Because this data is highly marketable and potentially dangerous in the wrong hands, had this been carried out by an organization other than a reputable university, untold damage could have been caused to thousands, if not millions, of people across the world. So, how do we protect ourselves against this, and if we fall for such an attempt, what is our recourse?

  1. Make sure you know who you are friending and accepting friend requests from. Ask yourself important questions: Do I know this person? If so, where have I met them? If you don’t, and you’re basing your consideration on a mutual connection, how does your friend know this person? When in doubt, ask your friend.
  2. Know what personal information you want to share, and that which you don’t. Do you want everyone to know when your birthday is, if you’re married or single, your email address? Adjust your profiles and the information that your contacts can view and download as you see fit.
  3. You’ve made friends with a virtual contact. What about me is in the wrong hands? Find out what data has been compromised, and learn what you can do to protect yourself in the future and restore your identity. Invest in a comprehensive identity check, monitor your identity and online presence, and be vigilant about protecting your identity.

The Changing Landscape of Spam

October 19th, 2011 | Uncategorized

PC Mag recently published an infographic that visualizes a study by Commtouch about “The State of Hacked Accounts.” Commtouch collected data from email users who have had their email accounts hacked to draw conclusions about email security and the motives of email hackers.

Findings:

The study found that two-thirds of hacked email accounts are used to send spam or scams to email addresses listed in the account’s address book, full of family and friends. Many of these messages are focused on obtaining money from the recipients. They utilize angles such as “stuck in a foreign country, please send money,” and recipients see that someone close to them is asking for financial help.

Traditionally, email spam has been focused on marketing (generally unwanted) products through huge email blasts. Email and security providers quickly caught on, however, and now automatic spam folders work their magic on a regular basis and botnets can now be taken down instantly. What does this mean for spam?

A Changing Landscape:

The spam landscape has changed. Hackers have realized that, with the onset of spam filters and the decline of botnets, they have to switch tactics. They have been finding success in compromising existing email accounts for spam and scams because (1) these accounts exist within whitelisted IP address ranges like Hotmail, Yahoo and Gmail, thus bypassing spam filters and (2) recipients are more likely to open emails from familiar addresses than from unknown senders, and are therefore more likely to follow through in providing personal information.

 eWeek’s Fahmida Rashid wrote an article describing the modern inner workings of the hacker community: “Hackers are often perceived as isolated, alienated individuals, working alone or in small groups. In reality, hackers are quite social, frequenting online forums and chat rooms to brag about their exploits, exchange tips and share knowledge, according to a recent analysis of hacker activity.”

The Future:

So what does this mean? We can likely expect an increase in such personalized scams, in email as well as social media outlets. To combat these intelligent, organized and widespread hacker communities, we have to do our best to predict next moves and be a step ahead. Then again, that’s why the U.S. government is hiring hackers left and right, but that’s for another blog post.

In the meantime, be smart. See the prevention tips at the bottom of the infographic, and check out identity protection tips from our consumer identity theft expert, John Sileo, in earlier blog posts.
