Cybersecurity is a common topic of conversation in our office—no really. It’s something that we’ve been writing about since the early days of Gloo almost a decade ago. So, if we see a data breach story in the news it always sparks a discussion. Last week we had plenty to talk about.
A team of ethical hackers recently put the cyber defences of UK universities to the test—and they failed to make the grade. It took the hackers just two hours to access high-value data—that includes personal information of staff and students, financial information and even academic research. In some cases, data was compromised in under an hour.
How were the hackers able to get in so quickly? The most effective approach was spearphishing. This is a form of targeted phishing, where the victim receives an email that leads to a site containing malware. Sadly, the universities aren’t alone. The research we’ve been involved in shows that many people, across all industries, continue to fall for even vanilla phishing attacks.
A new report suggests that, in the UK, data breaches are more common than rainy days. One reason for the preponderance of breaches could be that more than a third of companies think they aren’t storing any important data on their servers. But that’s naïve. Most companies hold commercially sensitive data on customers and personal information about employees. And for many, that’s just the start: there’s information on bank accounts, intellectual property, internal information that could be used for business email compromise and much more.
Another topic we write about a lot is the Internet of Things (IoT). Many companies are doing exciting things with IoT, but many others are being held back by concerns around security and privacy. But is IoT any more of a security risk than other new technologies? Just like elsewhere, some very simple measures could have a big impact. Data collected and analysed by research firm F-Secure has shown that 87% of observed threats to IoT devices involve weak or default passwords, unpatched software, or a combination of the two.
We often share stories about the death of the password. It’s a common headline, but, so far, we haven’t seen anything come close to replacing passwords. That’s why it’s important to have an effective password policy in place—and ensure users are diligent about using them. We’ve been writing about cybersecurity for a long time and passwords always come up. Whether it’s people using the same one for multiple accounts or failing to update the defaults that come with new equipment, too many organisations are still leaving themselves exposed by failing to address this security no-brainer.
These days no round-up of security news would be complete without at least one story about Facebook. The latest revelation is that an estimated 540 million people have been affected by a breach involving two leaky servers. This was seemingly the result of a series of mistakes that have left Facebook struggling to keep track of all its data.
Staff making mistakes is a common theme in cybersecurity—it’s something we’ve written about extensively. It can be something as simple as leaving a public computer logged in to sensitive systems, or storing passwords in plaintext documents.
If you’re a cybersecurity firm, how can you get across the importance of what you do? Why not start by taking a look at what our resident cybersecurity specialist had to say about current trends and building a compelling security message?
Posted by Katie on 8 April 2019