In today’s world, data is as good as currency. The latest TalkTalk fiasco again highlighted how vulnerable our data is — our personal information, banking details and preferences accessible to anyone who has the smarts to overcome a company’s security system (in this case a 15 year-old). It’s a scary thought, and enough to make even the most established IT team shudder.
The reality is, however, is that company data has always been under attack. For many of these high-tech hackers, our personal information is simply used as a pawn in their cyber game, followed more often than not – like the TalkTalk case – by a ransom demand.
And unfortunately, their technical intelligence and patience is overtaking companies’ sometimes, complacent attitude to cyber security and we are now dealing with sophisticated criminals. The TalkTalk hack, for example, will have been months in the making. The hacker used a technique called distributed denial-of-service (DDoS), which essentially swamps a site with an extremely high volume of traffic, allowing the hacker to sneak through “the back door” while IT teams are stretching fighting to keep the site from crashing.
The next method, phishing, is likely one you have experienced yourself. Ever received those unsolicited emails asking you to confirm your bank details? Or a message from Mr Johnson — from a little town you have never heard of — that to your astonishment, claims your long lost aunty has left you over £1,000,000…which you can transfer to your bank account now if you just follow this link?
Likely the answer to one of the above is yes, and for many companies this also rings true. Cyber-thieves are creeping in through the front door this time, disguised as real customers, and sticking around long enough to become a recognised, trustworthy contact. At this point the employees become the supplier, downloading files from what they perceive as a trustworthy source, while data is slowly, but surely, siphoned off.
The demand for data is high, and it’s clear to see in the TalkTalk case that it’s time companies up the ante with their security measures. The cloud and big data has pushed IT teams into the limelight, and data privacy into the public eye. Now, their mistakes or oversights could literally bring a company to the ground — and much to IT teams’ anguish — this is likely to become the norm.