Published on the 12/07/2016 | Written by Donovan Jackson
Information security, or indeed the lack thereof, has become so commonplace that it is a bit boring. Don’t let it be…
Banks lose a couple of million here, Ashley Madison a couple of million there, ransomware nails this small business or that one. It happens so often, it doesn’t really register all that much. Even when security company RSA got hacked…well, OK, that one had nearly everyone smiling a wry smile at the delicious irony; but when legitimate firm Mossack Fonseca got hacked, the 99 percent responded with glee.
But you really shouldn’t laugh, no matter how ‘just’ the hack may seem, even if only because you’ll probably be next. That was the message from Nick Malcolm, the boyish co-founder and CTO at Auckland based security outfit ThisData.
Presenting at the ITx tech conference in Wellington, Malcolm even went as far as to predict the future of security breaches, and it looks something like this: “The attack in which organisations like the Bangladeshi Central Bank lost millions was subsequently repeated at other banks. Some of the code used for the attacks was common to the [much earlier] Sony hack and possibly originated from North Korea. So the future is likely to be repeat, repeat, repeat.”
That’s right, more breaches, more often. Keep that smile on the other side of your face, in other words, as those continual assaults mean you’re in someone’s crosshairs.
And that applies to businesses as much as it does to personal lives. As more and more ‘things’ go online – cars, kitchens, you name it – Malcolm pointed out that this means there are more candidates for getting hacked. He produced an infographic which indicated that some 53 percent of all crime in the United Kingdom is computer-related (it was unclear if, for example, stolen Macbooks would make that category). Hackers are becoming more aggressive and technically proficient.
Add to that, there is a scarcity of talent and it’s a global problem. By his reckoning, Malcolm said the workforce will need some six million security experts by 2019, which will put industry at large short of some 1.5 million able bodied persons.
The real kicker, of course, is that despite information security being a widely acknowledged reality, it is also fairly yawn-inspiring. “There is still apathy; people think ‘it won’t happen to me’. There is under-investigation and under-reporting of security problems and companies take a box-ticking approach to security,” he said.
Sounds dreadful, but Malcolm quickly added that the future is not as bleak as it sounds (and indeed, despite these widespread, devastating breaches, the world seems to go on reasonably well). Governments are ramping up their games; New Zealand has allocated $22 million to a computer emergency response team and will introduce a security certification in 2017.
Businesses, too, are stepping up; Gartner, said Malcolm, estimates that by 2018, some US$101 billion will be spent on security. Unsurprisingly, he said organisations should consider developing talent and awareness of security issues in house, but outsource the hard stuff to companies dedicated to staying a step ahead of hackers.
He had some practical advice too: hop on to the internet and run a few free tools to help assess your security and drive better understanding of the issue among staff members – tools like bug bounties (HackerOne, BugCrowd), Phishing as a Service to send fake phishing emails to help alert employees to what the real ones look like (Phish5, PhishMe) and look into cloud monitoring tools (CloudLock, SkyHigh, Elastica, NetSkope).
Above all, said Malcolm, information security has to become a part of everyday conversations and people should help each other, even when hacks happen to competitors. “We’re all going to get hacked at some point, so be nice for when it happens to you.”
