It doesn’t seem that long ago that we didn’t have online access to many of our utility, banking, and/or even shopping accounts. I was fortunate enough to be part of a revolutionary project at a university in southern England back in 1988, where accessing the internet was using a 1200 baud modem, a terminal emulator connecting via a mainframe that consumed two floors of a building. Five years later, we were introduced to “Mosiac” web browser by NCSA in 1993, which is widely credited with popularising the World Wide Web. That’s when the internet we know today started to evolve. A few years later, the internet started to grow, and access to it was more readily available. I received a CD-ROM from my bank inviting me to trial their online banking software in November 1997. Back then, I was using a dial-up modem over the phone line to connect to the internet. That was fun! Fast-forward 20 years to today, and look how far technology has come. It has become the way of life for many of us, and when we don’t have access to it, we seem to feel ‘cut off’ from life. Through technology advances, access to online services has become even easier through our smartphones. Apple introduced the iPhone in 2007, a device which revolutionised accessing the internet on the go. A few weeks ago, I took my family for a day out in London. I used my phone to do numerous activities like navigation, booking tickets, and paying for things through contactless payments. In the last 10 years, we have seen an explosion of a number of service providers, utilities and banks that have adopted to online services. We can now do practically anything online. But how secure are the systems we take for granted? Every day, we use systems that store and process our personal data. We take it for granted that these systems are secured to prevent data leakage, hacks and attacks, and for the most, I’m sure a lot of them are. Retailers, for example, have to adhere to strict standards and governance when processing and storing card data (PCI DSS). We’ve seen everyday household names hit the headlines where they’ve lost thousands of customer records, including personal data to hackers, who then release this information. So, in reality, how secure are these systems? Like an onion, there are many layers to reach to the core of these systems, from public-facing firewalls, internal firewalls, access controls, operating system, and the application itself. It’s about securing the systems from the inside-out, starting with the operating system and application and ensuring tight perimeter controls in place to prevent a breach. However, having a strong perimeter does not mean strong security. There is always the insider threat – that’s why we should be focussing on securing the endpoints, the internal systems, as well. There’s no one reason why hackers attack organisations. They could be after bank information, personal data, intellectual property, or financial gain as we commonly see in ransomware attacks. Other times, it could be just for fun or for recognition in the ‘hacker community.’ Anyone can be a victim of a cyber-attack. So, if merchants and organisations are protecting their systems from attacks, why are breaches still occurring? Methods used by the hackers these days have become much more advanced, and new software vulnerabilities are exploited by the hackers every day to gain access to your data held within these organisations. It’s becoming increasingly difficult for companies to stay on top of the latest threats. Weakened security controls are still one of the most common causes of data breaches. But rushing out and buying the latest security software doesn’t help if you don’t have the right controls in place. According to the Center for Internet Security (CIS), organisations that apply just the first five of its CIS Controls can significantly reduce their risk of cyber attacks by approximately 85 percent. That’s a huge amount, and although it may not stop the attacker, it will certainly make it harder for them to compromise those systems. Becoming more secure could be as simple as having stronger passwords or enabling two-factor authentication. According to Verizon’s 2015 Data Breach Investigations Report, 76 percent of network intrusions were a result of weak credentials. It’s common for the attackers to guess passwords, crack them, or use passwords used on other websites. Passwords were also stolen using malware or phishing attacks. So, in closing, we have witnessed how the last 20 years has evolved. We are under constant pressure to keep our systems secured and our personal data safe. Are we ready for the next 20 years where technology advances, attackers become smarter, and the detection and prevention technology evolve? Are we ready? If you are interested in learning more about the first five CIS Controls, you can attend our webcast entitled, Stop the Most Advanced Adversaries with the Top 5 Critical Security Controls, on March 29 by signing up here.
