In the last few months, we’ve seen all sorts of firms have their data hacked. From ISPs to banks and from recruitment firms (not us!) to, erm, adult sites, it’s an increasingly common problem. A friend who has recently done some work with a major PR company tells me that their clients fear cyber attacks almost more than any other kind of problem, although PR can only do so much after the event...
Hacking/cyber attacks are not the kind of thing any company wants to see. Whenever they happen, all over the country other firms’ cyber security specialists breathe a sigh of relief and recite the well-worn mantra, “there, but for the grace of God, go I”. Yet it could so easily be ‘I’ next.
It’s hard, even with great PR, to say much more than “sorry, and we’ll do everything we can so this never happens again”. Yet, that phrase, which is trotted out after every disaster, accident or unforeseen event, sums up much of what is wrong with our approach to cyber security (and security generally). It also misses the point that it has already happened, which gives rise to the other well-known aphorism about shutting the stable door after the horse has bolted.
We know our lives are becoming ever more digital. We also know that this increases the chances of our having our data compromised (aka stolen and then used for nefarious purposes). It can lead, as it did for thousands of bank customers recently, to a lot of people losing a lot of money (including the bank, which had to compensate everyone for their losses). Or it can lead to a greater degree of embarrassment, as reported even more recently, should you have been foolish enough to leave your details with Friend Finder – that ‘Adult Friend’ website which exists to help people to have sexual liaisons. It’s a reflection of the relative importance of the different industries that there were ‘only’ 700,000 people whose details were half-inched from one recent attack on a major international firm, but 73 million from the adult dating site. Also, it’s debatable which is worse – having all your money stolen or your other half finding out that you’re serially unfaithful.
The problem, as noted above, is that these stories only arise after the event. All the firms whose cyber security is working may breathe that sigh of relief, but it’s a fact that, while we can never guarantee that we can keep the hackers at bay, there is a lot that can be done to help reduce the risks. In the case of the Friend Finder site, it was reported in the Daily Telegraph that, “It is thought that hackers exploited a known vulnerability to gain access to the information”. If it is “a known vulnerability” then why wasn’t more done to stop the breach being made?
Ironically, just a few days before, I’d been reading an article that prophesied (not that this is difficult) that the need for cyber security specialists continues to grow, not least in government where the implications for national defence are increasingly worrying. A cartoon that showed foreign spies sitting round a computer, cackling that they were about to boil everyone in the UK’s kettles even though it wasn’t tea time, might be funny, but if it actually happened then questions would be asked. CVs, kettles and Kama Sutra today, but power stations tomorrow. Everyone – government, adult dating sites, recruiters and anyone who banks online (and hasn’t yet set up two-stage verification) – needs to do what they can now, so the unforeseen becomes seen and we genuinely can say that we’ve done everything we can, now, not when it’s too late!
Alasdair Walker, Be-IT Resourcing