If 2014 is remembered for one thing, it might just be cyber security.
Over the past 12 months, we’ve seen enterprise security hit the headlines on an unprecedented scale. Some of these incidents are variations on a theme, and others reinforce concerns we’ve been facing in the information security sector for some time.
- We’re at Cyber War: When the self-styled Guardians of Peace hacked Sony Pictures late in 2014, what followed wouldn’t seem out of place in a high-concept Hollywood movie. First came the leak of thousands of confidential emails revealing internal politics, pay packages and embarrassing private conversations, then came threats to cinemas planning to show controversial comedy The Interview and its subsequent cancellation. Former Republican Speaker of the House and presidential candidate Newt Gingrich called the incident “America’s first cyberwar”, and the ongoing incident demonstrates the high stakes and potential consequences that are possible with today’s advanced breed of hacker.
- Single-factor authentication is not enough: Hollywood celebrities had further embarrassment in September when private photos were stolen from Apple iCloud accounts and shared widely across the web. Rather than breach Apple’s security platform, the attack focused on figuring out usernames, passwords and security questions via brute force. Apple responded with promises to bolster iCloud security, but the incident shows that often the platform is not as important as the process. Two-factor authentication and regular checks of passwords remain essential in the battle for security.
- Your operating system is not necessarily your key point of vulnerability: In November we blogged about a data breach at Home Depot, one of America’s biggest home improvement stores. Hackers took 56 million credit card account details and 53 million customer email addresses after gaining access via a contractor’s electronic billing account. The retailer blamed Microsoft Windows, but it was one user’s password that caused the breach, so again – two-factor authentication, ID protection and email data encryption should be considered by any organization that wants to avoid a similar fate.
- Employees remain the weakest link: Also in November, a survey from our CloudEntr colleagues revealed that SMBs overwhelmingly feel that employees are the weakest link in their organization’s security infrastructure (with 77% of IT professionals citing employees as the weakest link, compared with 8% for passwords and 7% for mobile devices). The lesson here is clear: if you want your organization to remain as secure as possible, the security tools, protocols and processes you employ need to be clearly understood by employees and easy for them to use.
- The mobile C-Suite needs protection: As mobile working and Wi-Fi become ubiquitous in the lives of busy C-level executives, it becomes more likely that they will be direct targets for cyber-attack. While the proactive involvement of all employees (as noted above) remains crucial, organizations mustn’t neglect those at the top. Training to raise awareness of the potential dangers of unprotected Wi-Fi, poor passwords and lost devices is as relevant for them as it is for everyone else.
So there we have it. Time will tell what 2015 has to offer us from a cyber-security perspective, but unfortunately the next high-profile incident is inevitable. However, if you look back and learn from 2014, you can at least minimize the chances that you’ll be the victim.