Wednesday, February 26, 2020

Client List Stolen from Facial Recognition Company Used by Law Enforcement

Securing core business data is essential for MSSPs who can see clients crash in financial ruin if their protectors fail.

Clearview AI, the facial recognition company used by law enforcement, reports its entire client list was stolen by a party with unauthorized access. While at least one state, New Jersey, has barred police from using its controversial facial recognition services, Clearview AI’s now-stolen client list contains most law enforcement agencies across the country.

But the main threat isn’t a list of police departments and law enforcement agencies; after all, that data is public information and readily available. One of the main threats this theft poses is an illegal business advantage for competitors.

KnowBe4's Roger Grimes

“At a minimum, that customer list can be sold to competitors who can then offer similar services with steep competitive discounts to gain market share, along with which potential customers seem to be the biggest users and thus are likely spending the most money. That’s a no-brainer,” said Roger Grimes, data driven defense evangelist at KnowBe4.

Crashing business models to create an unfair business advantage for others is increasingly becoming a favorite tactic. Think of it as a subset of corporate espionage. And securing core business data is fast becoming an added focus for MSSPs who can see clients crash in financial ruin if their protectors fail.

Grimes said the list might also be used in a sophisticated spearphishing campaign, where membership can be tied to specific phishing attempts which appear to have insider information.

“Any bits of private information and knowledge, such as account names, that can be used within a spearphishing email, make that email seem more realistic and more able to fool a higher percentage of people,” Grimes explained.

The company’s facial recognition database is comprised of billions of photos scraped from social media, including Facebook, YouTube, and Venmo, according to a New York Times report. The company’s practice of gathering photos without permission from the owners or the subjects fuels ongoing privacy concerns.

Tripwire's Tim Erlin

“This notification provides very little actionable information for anyone involved or just trying to avoid the same mistakes. A breach like this just adds fuel to the fire for Clearview’s critics,” said Tim Erlin, VP of product management and strategy at Tripwire.

As is the case with other breaches, look for it to be used in other types of threats down the road. Cybercriminals are very adept these days at combining stolen databases to create ever more sophisticated attacks.

MSSPs should also track developments on this and other breaches as standard operating procedure since it’s seldom that all the facts come out on first brush.

“We’re likely to hear more about the extent of this breach as investigations uncover more data, and history tells us that it’s likely to expand in scope,” said Erlin.

From https://mymarketlogic.com/blog/client-list-stolen-from-facial-recognition-company-used-by-law-enforcement/



from
https://marketlogic0.wordpress.com/2020/02/26/client-list-stolen-from-facial-recognition-company-used-by-law-enforcement/
