Tag Archive for: Data Breach

DOGE’s Disastrous Cybersecurity Slashes: An Open Bar for Nation-State Hackers

The Department of Government Efficiency (DOGE) has made a catastrophic decision—one that isn’t just political but a direct threat to national security. Without conducting a single interview, DOGE and the new administration fired hundreds of cybersecurity experts from key agencies, including:

  • The Department of Homeland Security (DHS)
  • The Cybersecurity and Infrastructure Security Agency (CISA)
  • The National Institute of Standards and Technology (NIST)
  • The National Science Foundation (NSF)

By gutting these critical roles, DOGE has rolled out the red carpet for cybercriminals, giving hackers from Russia, China, North Korea, Iran—and anyone with a laptop and bad intentions—free rein to attack America’s most sensitive systems.

DOGE is intoxicated with power it should not have, but it’s every American that is going to suffer the hangover.

A National Security Disaster

The agencies responsible for protecting Social Security benefits, tax returns, healthcare records, and even nuclear codes are now severely understaffed. This means:

  • Longer detection times – Breaches could go unnoticed for months or even years.
  • Weaker defenses – Cyberattacks will be harder to prevent and contain.
  • Increased financial and personal risk – Both individuals and businesses will be more vulnerable to cybercrime.

And this isn’t just hypothetical. China successfully hacked the U.S. Treasury Department, major telecom companies, and even former President Trump’s phone calls—for years—without being detected. That happened before these mass firings. Now? The situation is far worse.

Businesses Are in the Crosshairs Too

The private sector won’t be spared either. With fewer cybersecurity experts:

  • No coordinated threat-sharing – Attacks will spread unchecked between companies.
  • No elite response teams – Breaches will cause more damage and take longer to fix.
  • More ransomware attacks – Businesses will be forced to pay millions to cybercriminals.

Who exactly will stop the next Colonial Pipeline attack? The next United Health breach? The experts who saved those companies no longer work for the U.S. government.

What Can Be Done?

While DOGE continues its reckless power grab, Americans still have a voice. Here’s what can be done now:

If nothing is done, the next cyberattack won’t just be an inconvenience—it will be a full-scale crisis.

The warning signs are clear. The only question now is whether action will be taken before it’s too late.

If your organization needs help navigating the chaos, let’s talk

 

 

The Largest Hack in American Telecom History: What You Need to Know

We’ve just witnessed the largest hack of American telecom companies in history. If you’re a customer of Verizon, AT&T, T-Mobile, or any other major provider, your personal data may have been exposed. Hackers can intercept your texts, record your phone calls, and potentially steal sensitive information. The FBI has even issued an emergency alert in response to this unprecedented breach.

The culprit? A group known as Salt Typhoon, backed by the Chinese Ministry of State Security. These hackers managed to infiltrate the backbone of America’s telecom infrastructure, making this the worst infrastructure intrusion ever. Alarmingly, this breach went undetected for years. American telecom companies were unaware of the lurking danger until Microsoft first uncovered the intrusion.

A Scary New Reality

Here’s where it gets even more concerning:

  • Salt Typhoon gained access to lawful wiretap systems used by the U.S. government.
  • They can see which phone numbers are being tapped and identify Chinese spies under surveillance.
  • They know which spies aren’t being watched, giving them a critical intelligence advantage.

For individuals, the implications are equally alarming:

  • Unencrypted texts and calls can be intercepted.
  • Plain-text messages, like those sent via SMS between iPhones and Android devices, are particularly vulnerable.
  • Hackers can intercept unencrypted two-factor authentication (2FA) codes, compromising account security.

The Organizational Impact

For organizations, the problem lies in the telecom infrastructure itself:

  • Many systems were built decades ago, long before cyberattacks became a widespread threat.
  • These outdated systems remain deeply embedded in modern telecom networks, making them prime targets for intrusion.
  • Once inside, hackers like Salt Typhoon can exploit master passwords to navigate systems undetected.

How to Protect Yourself

To safeguard your communications, consider these steps:

  • Switch to apps with end-to-end encryption, such as Signal, WhatsApp, and FaceTime.
  • Use Apple Messages for encrypted conversations if communicating between two Apple devices.
  • Avoid sharing sensitive information over unencrypted calls or texts.

Before sharing sensitive information over a call or text, think twice. Use encrypted communication tools to protect your privacy and secure your data in this new era of heightened cyber threats.

In today’s rapidly evolving threat landscape, staying ahead of cybercriminals is no longer optional—it’s essential. Equip your team with the skills and knowledge they need to defend against increasingly sophisticated attacks. Let’s collaborate on a dynamic presentation tailored to empower your organization with actionable strategies to outsmart even the most intelligent cybercriminals. Reach out today to strengthen your first line of defense!

 

The Future of Online Security: How Passkeys Can Protect Your Loved Ones

When you cut through the technical jargon (which can sometimes feel a little intimidating or dull), cybersecurity boils down to one simple truth: it’s about safeguarding the people we care about most. That’s the heart of the advice I give to my two grown daughters—practical, no-nonsense tips to help them stay safe in an increasingly digital world. Today, I’m passing those same tips along to you so you can protect the ones you love, too.

Let’s talk about passkeys—the smarter, stronger, and safer alternative to traditional passwords. They’re designed for busy people who want top-notch security without the hassle.

Here’s everything you need to know about them and why they’re a game-changer for your digital safety:

Why Use Passkeys?

While passwords have served us well, they’re no longer enough to combat today’s sophisticated online threats. Passkeys offer a major leap forward in digital security by addressing the main flaws of traditional passwords:

  1. Phishing-Proof
    Phishing attacks—where scammers trick you into entering your password on fake websites—are among the most common online threats. Passkeys eliminate this risk entirely because:
    • You don’t manually enter them.
    • Only legitimate websites can validate passkeys.

In other words, a phishing site can’t steal what you never type.

  1. Breaks Bad Habits
    Many people reuse passwords across multiple sites or choose weak, easily guessable ones. Passkeys, however, are unique to each service, so:
    • No two services share the same login credentials.
    • There’s no temptation to reuse old, insecure passwords.

This automatic uniqueness ensures your accounts stay secure, even if one service is compromised.

  1. Data-Breach-Proof
    Even if a website is hacked, the public key stored on the site is useless to attackers without your private key. And because your private key never leaves your device, it can’t be exposed in a data breach.
  2. Convenient and Safe
    Passkeys offer the best of both worlds: they’re as secure as two-factor authentication (2FA) but without the extra hassle. With a passkey, you:
    • Log in with just your fingerprint, face, or PIN.
    • No longer need to manage complex passwords or remember dozens of logins.

How to Start Using Passkeys

Setting up passkeys is easier than you think. Follow these steps to integrate them into your digital life:

  1. Set up a passkey with major retailers like Amazon
  2. Set up a passkey with all of your banks (Wells Fargo)
  3. Set up a passkey for your Microsoft & Apple accounts 

Use Your Passkey Across Devices
Switching between devices is easier than ever. Sync your passkeys using cloud services like iCloud Keychain or Google Password Manager. This ensures you always have access to your accounts, no matter where you are.

Why Passkeys Are a Smart Choice
In today’s fast-paced world, security should be simple. Passkeys make online security easier by:
• Reducing the need to remember complex passwords
• Eliminating worries about phishing and data breaches
• Minimizing the risks associated with weak or reused passwords

For me, passkeys are an easy “yes.” They offer peace of mind while keeping my loved ones safe online. That’s why I’ve already encouraged my daughters to adopt this technology—and now, I’m encouraging you to do the same.

What’s Next? Start Protecting Your Loved Ones
Cybersecurity doesn’t need to be complicated or intimidating. By switching to passkeys, you’re taking a major step toward safeguarding yourself and your family from online threats.

Whether you’re helping your kids set up their first email account, securing your partner’s online banking, or simplifying your own digital life, passkeys are the key to a safer, smarter, and more convenient future.

Ready to get started? Next time you log into a service, look for the passkey option—it might be the best decision you make for your family’s online safety.

Ps. In case you missed it, make sure you’re also aware of the One Smartphone Security Tool You Might Be Missing

Cybersecurity Alert: UnitedHealth’s Billion Dollar Data Breach

One in three Americans recently had their healthcare data hacked from UnitedHealth – TWICE. The stolen data likely includes medical and dental records, insurance details, Social Security numbers, email addresses and patient payment information.

UnitedHealth Group’s subsidiary, Change Healthcare (which processes an estimated 50% of all health insurance transactions in the U.S.), fell victim to a ransomware attack that thrust the U.S. healthcare system into chaos as pharmacies, doctor’s offices, hospitals and other medical facilities were forced to move some operations to pen and paper.

Behind the scenes, UnitedHealth Group chose to pay the BlackCat ransomware gang (aka ALPHV) an estimated $22 million in blackmail ransom to restore system functionality and minimize any further leakage of patient data.

Problem (expensively) solved, right? Not even close. After UnitedHealth paid the initial ransom, the company (or quite possibly BlackCat itself being hacked by hackers) reportedly experienced a second attack at the hands of RansomHub, which allegedly stole 4TB of related information, including financial data and healthcare data on active-duty U.S. military personnel.

To take the breach and ransom to an entirely new level, RansomHub is now blackmailing individual companies who have worked with Change Healthcare to keep their portion of the breached data from being exposed publicly. For many small providers, the ransom is far beyond what they can afford, threatening the viability of their business. Some of the larger individual providers being blackmailed are CVS Caremark, MetLife, Davis Vision, Health Net, and Teachers Health Trust.

As of today, even with millions of dollars collected by the hackers, all systems are not up and running.

There are three critical business lessons to take from the UnitedHealth breach:

  1. Ransom payments do not equal the cost of breach. The ransom amount companies pay is a fraction of the total cost of breach. In UnitedHealth’s case, they paid a first ransom of $22 million, but only months into the breach have reported more than $872 million in losses. Operational downtime, stock depreciation, reputational damage, systems disinfection, customer identity monitoring, class action lawsuits, and legal fees will move the needle well beyond $1 billion within the fiscal quarter. Risk instruments like cyber liability insurance can balance the losses, but prevention is far more cost-effective.
  2. There is no honor among thieves. Even when organizations pay the ransom demanded, (and in the rare case that they get their data back fully intact), there is no guarantee that the cybercriminals won’t subsequently expose samples of the data to extort a second ransom. In this case of Double-Dip Ransomware (as I call it), a dispute among partnering ransomware gangs meant that multiple crime rings possessed the same patient data, leaving UnitedHealth open to multiple cases of extortion. Paying the ransom instead of having preventative recovery tools places a larger target on your back for future attacks. If you haven’t implemented AND tested a 3-2-1 data backup plan and a Ransomware Response Plan, do so immediately.
  1. The Human Hypothesis on the Source of Breach. There has been no disclosure to date on exactly how the hackers got into Choice Health’s systems, but my highly educated guess (from seeing so many similar breaches) is that an employee of, or third-party vendor to, UnitedHealth was socially engineered (scammed) to share access into one of their business IT systems. The company will generally report this human oversight and poor training as “compromised credentials” which tries to make it look like a technological failure rather than a human decision. From there, the hackers “island hopped” laterally to increasingly critical servers on the network. It’s likely that the cyber criminals are still inside of key systems, hiding behind sophisticated invisibility cloaks.

The solution here is to make sure that the heroes in your organization, the human employees who are your first and best line of defense, are properly trained on how to detect and repeal the latest social engineering attacks. Over 90% of all successful attacks we see are due to a human decision that leads to malicious access.

All organizations and leadership teams must ensure your Security Awareness Training addresses all the changes that artificial intelligence brings to the cyberthreat sphere. To ignore the alarm bells set off by UnitedHealth Group’s disastrous breach is to risk your organization falling ill to a similar fate.

Anyone in your organization can be the unfortunate catalyst that triggers a disastrous data breach similar to UnitedHealth’s. My latest keynote, Savvy Cybersecurity in a World of Weaponized A.I., teaches the root cause of successful social engineering scams and necessary technological preparation for ransomware attacks. REACH OUT TO MY TEAM TODAY to discuss this vital topic at your next meeting or event.

  1. If you are a patient of UnitedHealth, Change Healthcare, OptumRx or any of their subsidiaries, take the following steps immediately:
  2. Visit the Cyberattack Support Website that UnitedHealth Group established for affected customers.
  3. Make sure that you have a Credit Freeze on your Social Security Number.
  4. If you are an OptumRX customer, call them directly (1-800-356-3477) to make sure that your prescriptions haven’t been affected and that they will ship on time.
  5. Monitor all of your health and financial accounts closely for any changes or transactions. Create automatic account alerts to make this easier.

 

John Sileo is a privacy keynote speaker, award-winning author and media personality as seen all over TV. He keynotes conferences virtually and in person around the world. John is the CEO of The Sileo Group, a business think tank based in Colorado.

Equifax Data Breach Protection Tips

How to Protect Yourself from the Equifax Data Breach

Equifax, one of the three major consumer credit reporting agencies disclosed that hackers compromised Social Security and driver’s license numbers as well as names, birthdates, addresses and some credit cards on more than 143 million Americans. If you have a credit profile, you were probably affected.

Credit reporting companies collect and sell vast troves of consumer data from your buying habits to your credit worthiness, making this quite possibly the most destructive data security breach in history. By hacking Equifax, the criminals were able to get all of your personally identifying information in a one-stop shop. This is the third major cybersecurity breach at Equifax since 2015, demonstrating that they continue to place profits over consumer protection. Ultimately, their negligence will erode their margins, their credibility and their position as one of the big three.

But that isn’t your concern – your concern is protecting yourself and your family from the abuse of that stolen information that will happen over the next 3 years.

Minimize Your Risk from the Equifax Data Breach

  1. Assume that your identity has been compromised. Don’t take a chance that you are one of the very few adult American’s that aren’t affected. It’s not time to panic, it’s time to act.
  2. If you want to see the spin that Equifax is putting on the story, visit their website. Here’s how the story usually develops: 1. They announce the breach and say that fraud hasn’t been detected 2. A few days later when you aren’t paying attention, they retract that statement because fraud is happening, 3. Sometime after that they admit that more people, more identity and more fraud took place than originally thought. They encourage you to sign up for their free monitoring (which you should do), but it does nothing to actually prevent identity theft, it just might help you catch it when it happens.
  3. I recommend placing a verbal password on all of your bank accounts and credit cards so that criminals can’t use the information they have from the breach to socially engineer their way into your accounts. Call your banks and credit card companies and request a “call-in” password be placed on your account.
  4. Begin monitoring your bank, credit card and credit accounts on a regular basis. Consider watching this video and then setting up account alerts to make this process easier.
  5. Visit AnnualCreditReport.com to get your credit report from the three credit reporting bureaus to see if there are any newly established, fraudulent accounts set up. DON’T JUST CHECK EQUIFAX, AS THE CRIMINALS HAVE ENOUGH OF YOUR DATA TO ABUSE YOUR CREDIT THROUGH ALL THREE BUREAUS.
  6. MOST IMPORTANTLY, FREEZE YOUR CREDIT. The video above walks you through why this is such an important step. Some websites and cybersecurity experts will tell you to simply place a fraud alert on your three credit profiles. I am telling you that this isn’t strong enough to protect your credit. Freezing your credit puts a password on your credit profile, so that criminals can’t apply for credit in your name (unless they steal your password too). Here are the credit freeze websites and phone numbers for each bureau. Equifax is being overwhelmed by requests, so be patient and keep trying. Even if it doesn’t happen today, you need to Freeze Your Credit!

Equifax Credit Freeze
P.O. Box 105788 Atlanta, Georgia 30348
Toll-Free: 1.800.685.1111

TransUnion Credit Freeze
Fraud Victim Assistance Department P.O. Box 6790 Fullerton, CA 92834
Toll-Free: 1.888.909.8872

Experian Credit Freeze
P.O. Box 9554 Allen, TX 75013
Toll-Free: 1.888.397.3742

John Sileo is an an award-winning author and keynote speaker on cybersecurity. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Sileo Identity Theft Prevention & Online Privacy Checklist

Identity theft prevention is not a one-time solution. You must accumulate layers of privacy and security over time. The following identity theft prevention tips are among those I cover in one of my keynote speeches.

  1. Review your Free Credit Report 3X per year at www.AnnualCreditReport.com.
  2. Opt-Out of financial junk mail.
  3. Stop Marketing Phone Calls at www.DoNotCall.gov.
  4. Freeze Your Credit. State-by-state instructions at www.Sileo.com/2.
  5. If you don’t want to use a credit freeze, place Fraud Alerts on your 3 credit files.
  6. Use sophisticated Identity Monitoring software to detect theft before it’s disastrous.
  7. Stop Sharing Identity (SSN, address, phone, credit card #s) unless necessary.
  8. Protect Your Wallet or Purse. Watch this video.
  9. Protect Your Computer and Online Identity. Privacy Means Profit
  10. Protect your Laptop. Visit www.Sileo.com/laptop-anti-theft for details.
  11. Bank Online: online bank statements, account alerts and bill-pay.
  12. Buy a Shredder (or 2) & shred everything with identity you don’t need.
  13. Minimize Social Networking Exposure. Privacy Means Profit
  14. Lock down your Social Networking Profiles www.Sileo.com/facebook-safety.
  15. Realize that approximately 50% of the worst ID theft crimes are committed by Acquaintances & Friends.
  16. Set up two-factor authentication with your bank.
  17. Stop Clicking on Links in emails and social networking posts that you don’t recognize as legitimate.
  18. Avoid emails/faxes/letters/calls/people promising Something for Nothing.
  19. Know that protecting Other People’s Privacy is part of your responsibility.
  20. For more tools, purchase a copy of John’s Latest Book on Information Survival, Privacy Means Profit.
  21. Subscribe to The Sileo Report eNewsletter and follow John’s Blog.
  22. Consider bringing John Sileo to speak to your organization on identity theft, cyber crime, social engineering, social media exposure and other topics of information exposure.

Whose Device – Yours, Mine or Ours?

Carrying multiple personal devices is a pain and, yet, the fear of giving away critical company data is a nightmare.

For most of us, being connected equals being productive. However, this simple equation becomes complex when one has to juggle personal devices with those issued by our employers. Paramount in an employer’s mind is the protection of the company’s critical and confidential business data but they don’t want to alienate employees by being too restrictive on using their personal smartphones and tablets.

Recent research has found that nearly three out of four adults don’t protect their smartphones with security software and these same people often use their devices to access social media and websites that attract cybercrooks. Poorly-secured  devices can be easily accessed by hackers who are becoming evermore sophisticated and ferocious.

This device conundrum ties directly to corporate IT culture and the question of allowing employees to use personal devices to conduct business. The solution ranges anywhere from an outright ban (which employees often ignore) to fully embracing an employee’s choice, while building corporate safeguards to block spam and corrupt application downloading. Some companies permit it with tight controls such as having the ability to wipe the gadgets clean of all information in the case of loss. Of course that means all personal data will be wiped along with business data but studies show employee satisfaction (ergo productivity) is tied to exercising personal preference of devices.

Security and legal teams wrestle with this dilemma constantly in the mobil world of today and there’s no clear cut answer. Protecting a company and its clients’ data is essential; but also, productivity, efficiency, organization and responsiveness are but a few benefits of giving employees their choice of gadget.

Arming those same employees with the safety measures to secure their devices from fraudulent activities is where IT departments can manage risk. Building a parallel strategy that serves both corporate IT and the end-user is not only necessary, it is beneficial to the bottom-line.

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation or watch him on Anderson Cooper60 Minutes or Fox Business1.800.258.8076.

 

 

 

 

 

 

 

 

 

 

Dropbox a Crystal Ball of Cloud Computing Pros & Cons

Dropbox is a brilliant cloud based service (i.e., your data stored on someone else’s server) that automatically backs up your files and simultaneously keep the most current version on all of your computing devices (Mac and Windows, laptops, workstations, servers, tablets and smartphones). It is highly efficient for giving you access to everything from everywhere while maintaining an off-site backup copy of every version of every document.

And like anything with that much power, there are risks. Using this type of syncing and backup service without understanding the risks and rewards is like driving a Ducati motorcycle without peering into the crystal ball of accidents that take the lives of bikers every year. If you are going to ride the machine, know your limits.

This week, Dropbox appears to have altered their user agreement (without any notice to its users), making it a FAR LESS SECURE SERVICE. Initially, their privacy policy stated:

… all files stored on Dropbox servers are encrypted (AES-256) and are inaccessible without your account password. Quote from PCWorld

Currently, the privacy policy says that Dropbox can access and view your encrypted data, and it might do so to share information with law enforcement. Why is that important? Because it means that the encryption keys that keep your files private are actually stored on Dropbox’s server, not on your own computer. This puts the keys to your data (and every other Dropbox user) in the hands not only of Dropbox employees and law enforcement, but vulnerable to hackers. When the encryption key is located on your computer, at least the risk is spread over Dropbox’s user’s network.

But there is an even bigger issue that this exposes about the world of cloud computing in general: anytime your data lives on a device that you don’t own, you lose a certain amount of control over what happens to it. Here is just a sampling of factors that can affect the privacy and confidentiality of your cloud-stored data:

  • The cloud service provider changes their Terms of Service (like Dropbox just did) to cover their legal bases, making your data less secure without your even being alerted. This happens almost every week with Facebook, which changes privacy terms constantly. When you log back into your account, you are automatically agreeing to the new Terms of Service (and probably not reading the tens of pages of legal jargon).
  • The provider is bought out by a new company (possibly one overseas) or has its assets liquidated (the most valuable assets are generally information), that has different standards for data security and sharing. You, by default, are now covered by those standards.
  • The security of your data is weak in the first place. Security costs money, and many smaller cloud providers haven’t invested enough in protecting that data, leaving the door wide open for savvy hackers. SalesForce.com might be well protected, but is the free backup service or contact manager that you use?
  • Your data exists in a more public domain than when it is stored on internal, private servers, meaning that it is subject to subpoena without your being notified! In other words, the government and law enforcement has access to it and you will never know they were snooping around. This isn’t a concern for most small businesses, but it is still a cautionary note.

So does this mean we should all shut down our Dropbox, Carbonite, iBackup accounts? No. Does this mean that corporations should not implement the highly scalable, dramatically efficient solutions provided by the cloud? No. It means that both individuals and businesses must educate themselves on the up and down sides of this shift in computing. They can  begin the process by realizing that:

  1. Not all data is created equal and that some types of sensitive data should never be placed in someone else’s control. This is exactly why there are data classification systems (I subscribe to those used by the military and spy agencies: Public, Internal, Confidential and Top Secret).
  2. Not all cloud providers are created equal and you must understand the privacy policy, terms of service and track record of each one individually (just like you would choose a car with a better crash-test rating for your family).
  3. Anything of immense power comes with costs, and those costs must be calculated into the relative ROI of the equation. In other words, the answer here, like most complex things in life, exists in the gray area, not in a black or white, one-size-fits all generalization.

John Sileo writes and speaks on Information Leadership, including identity theft prevention, data breach, social media risk and online reputation. His clients include the Department of Defense, Homeland Security, the Federal Reserve Bank, FDIC, FTC and hundreds of corporations of all sizes. Learn more about his motivational data security events.

Comprehensive Opt Out List for Marketing Databases

Major data breaches like the recent Epsilon Breach occur frequently, even if you don’t hear about all of them. With all the publicity surrounding this particular breach, people have been asking how to remove themselves from some of those marketing lists that are frequently compromised.

Opting our of marketing databases is one way to lower your risk of becoming a data breach victim.

So, how do I get out of marketing data bases?

Most databases allow you to opt out of having them share and sell your information, you just need to find out how.  Many sites make it tricky to get this done, but most sites that are selling or harvesting your information allow you to do so one way or another.

The Privacy Rights Clearing House lists 135 marketing data brokers who are selling your private information, and tells you whether or not they have opt-out policies. If they do, you have to go to the brokers’ websites and suppress your name yourself. Most of the sites have hard-to-find opt out pages, but you can generally track them down by visiting the Privacy Policy which frequently appears as a link in small print at the bottom of the home page.

Even if you opt out, unfortunately, most of these sites still retain your information in their databases, meaning that you are still at risk of a breach. But until we have stronger consumer rights governing our private and personal information, opting out is the best you can do.

 

Information Offense – How Google Plays

Google recently offered $20,000 to the first person who could hack their web browser, Chrome. Without question, a hacker will crack it and prove that their browser isn’t as mighty as they might think.

So why waste the money?

In that question, ‘why waste the money?’ lies one of the root causes of all data theft inside of organizations. Google’s $20,000 investment is far from a waste of money. Consider:

  1. The average breach inside of an organization costs $6.75 million in recover costs (Ponemon Study). $20,000 up front to define weak points is a minuscule investment.
  2. Chrome is at the center of Google’s strategic initiatives in search, cloud computing, Google Docs, Gmail, displacing Microsoft IE and mobile OS platforms – in other words, it is a very valuable asset, so Google is putting their money where their money is (protecting their profits).
  3. By offering up $20,000 to have it hacked IN ADVANCE of successful malicious attacks (which are certain to come), Google is spending very little to have the entire hacker community beta test the security of their product.

I would bet that there will be tens or hundreds of successful hacks into their browser, all of which will be fixed by the next time they commission a hack.

Anticipating the inevitable attacks and investing in advance to minimize the chances and resulting costs of a breach is a perfect example of Information Offense. Instead of waiting for your data to be compromised (defense), you take far less costly steps up front to deflate the risk. Only the most enlightened leaders I work with inside of corporations understand the value of spending a little bit on security now to reap huge benefits (in the form of avoided losses) down the road.

Too many leaders are so focused on the revenue side of the model (most of them are from a sales background) that they lack the depth of seeing the entire picture – the long-term health and profitability of the company. You know the saying… an ounce of prevention being worth a pound of cure. Just think of the ounce being loose change and the pound being solid gold.

Marshall Goldsmith, the executive coach, nails the behavior behind this phenomenon in his book, What Got You Here Won’t Get You There,

Avoiding mistakes is one of those unseen, unheralded achievements that are not allowed to take up our time and thought. And yet… many times, avoiding a bad deal can affect the bottom line more significantly than scoring a big sale… That’s the funny thing about stopping some behavior. It gets no attention, but it can be as crucial as everything else we do combined.”

Listen to Google and Mr. Goldsmith, and avoid the mistakes before you make them by asking yourself this simple question: How can I refocus my efforts and resources on playing offense rather than defense?

John Sileo’s motivational keynote speeches train organizations to play aggressive information offense before the attack, whether that is identity theft, data breach, cyber crime, social networking exposure or human fraud. Learn more at www.ThinkLikeASpy.com or call him directly on 800.258.8076.