Earlier this week, residents of Ecuador woke up to the news that much of their personal data, including banking details, employment information, and identification
numbers, had been made publicly available by a small online consulting firm.
About Silent Breach: Silent Breach is an award-winning provider of cyber security services. Our global team provides cutting-edge insights and expertise across the Data Center, Enterprise, SME, Retail, Government, Finance, Education, Automotive, Hospitality, Healthcare and IoT industries.
While the 20 million victims are still far fewer than those of other recent scandals involving Facebook, Equifax, and other multi-nationals, the number is more
significant in that Ecuador only has 16 million citizens. Aside from the entire Ecuadorian population, victims included the recently departed as well as temporary
Ironically, one compromised account was that of Julian Assange, founder of WikiLeaks, who had been living in the Ecuadorian embassy in London until earlier this year.
Although this is the first time in history that an entire country's population has been digitally compromised in a single breach, Bulgaria made headlines earlier this
summer when their national tax agency was hacked, revealing the names, addresses, incomes, and social security numbers of nearly every Bulgarian adult. At this
rate, we can expect another two countries to succumb to similar attacks by the end of the calendar year. Which leads us to ask: Was Ecuador's fate inevitable?
While the specific events leading up to this particular breach are still being investigated, there are a number of points that can already be raised:
1) "The state of your cybersecurity is a parody."
This was the message left by the 20-year-old computer programmer responsible for the Bulgarian breach, and in many ways he's correct. For too long, politicians
have preferred to invest in the illusion of security, rather than the real deal. After all, it's far cheaper. In Ecuador's case, local privacy advocates have been
sounding the alarm for years, only to be ignored by those in power. This year alone, Ecuador admitted to purchasing Chinese facial recognition software in a push
to further surveil their citizens, exponentially increasing the amount of poorly protected data available to foreign and local hackers. In response to this week's
breach, President Lenin Moreno of Ecuador has vowed to fast-track a data protection law that should have been implemented years ago. While Ecuador and Bulgaria
have had to learn the hard way that data protection is more than slogans and promises, other countries (and companies) now have the opportunity to invest in
protecting their citizens' privacy before it's too late.
2) Cybersecurity is not only a technology, but a culture.
In our previous post, we discussed the Culture of Cybersecurity. Take Facebook for example. While their technical security skills remain nearly unrivaled
(they employ 20,000 security staff), they are sorely lacking in the area of cybersecurity culture. And it shows. It shows when they prioritize short-term profits
over long-term privacy. It shows when they choose to partner with data analytics firms just like the one in Ecuador, instead of looking out for the interests of
the communities upon whom they rely. And, finally, it shows when they encourage users to give up control over their data through confusing opt-in forms, instead
of educating those who need it most. For real change to occur in the digital world, more companies and countries need to recognize that an effective cyber
security strategy must always pay attention to not only the rules and regulations, but also to their culture and ideals.
3) Cybersecurity is a myth.
That is, cybersecurity is a myth. If your data is online, it is never 100% secure. Instead of selling their citizens and clients the dream of foolproof protection,
the job of security professionals should be to help protect their data today, and plan for a breach tomorrow. Research shows that, on average, it takes companies
nearly half a year just to identify a data breach, resulting in an exponential ripple-effect of further losses. Chances are that no matter what you do, you'll
face some sort of breach in the coming months and years. Have a plan in place to deal with it.
So, for those looking towards Ecuador and wondering what they can do differently, here's a takeaway: Proactively invest in a culture of cybersecurity before
anything happens, and have a plan in place for when that day eventually comes.