COMMON MISTAKES IN IT SECURITY – KEEPING YOUR DATA SAFE

Question: What does Kmart, Sony Pictures, LinkedIn, Target, British Airways and Yahoo have in common?

Answer: They are just a small portion of the growing number of organizations that have been hacked or had their data or security breached and consequently exposed the personal, and in several cases, financial information of millions of customers. No matter how big or small your company, IT security is vital and no one is immune from possible hacking.

How safe is your data?

According to some surveys, account and payment based hacks have doubled year-on-year since 2014. The BBC recently reported that close to 6,000 on-line payment gateways had been compromised by organized cyber hacking groups. In general, companies with high, credit card-based transaction volumes are the primary target for these groups.

The problem is only going to get worse as businesses become increasingly connected and more services head into the cloud. Add to this the increasing number of employees introducing devices and wearable technology into the business network and it’s easy to see why businesses are so vulnerable to security breaches.

They trust what they know and what they can see. Unfortunately, this lack of attention and investment in digital security has a direct correlation to the drastic increase in cyber hacks and data breaches.

To put it into laymen terms, CEO’s and board members have spent a lot of time and money enticing customers in the front door and making sure the front end of the business works efficiently. All the while leaving the back door wide open for criminals to come in and take what they want.

Real Examples

This scenario happened to Target in 2013. In this example, a data breach exposed payment information for 40 million customers. The business decided to have ‘ad-hoc operational cyber security services under a strict contract budget’ only. During a breach, hackers uploaded malware disguised as existing data center products. While malware detection software caught each of the uploads and escalated the warning alerts, there was no one within the Target business tasked with reacting to the notifications.

It took Target 16 days to respond and eradicate the malware attack. By which time the hackers had gained access to 40 million credit cards and personal information for a further 70 million customers.

Target is, by no means, alone. In 2015, the Qatar National Bank suffered a data breach that exposed customer passwords, PIN numbers, financial transactions and personal information for more than 100,000 customers. An investigation afterwards revealed that hackers accessed the system through an SQL injection flaw in the bank’s website. Sony also suffered several similar attacks through its web portal, compromising tens of thousands of account holders’ personal details.

Through these examples, the main problem lies on the overconfidence of said corporations for not doing proper and thorough maintenance of their customer’s information – assuming that these cyber attackers will only target up and coming businesses and start-ups. Additional help is always welcome to strengthen your company’s data security.

How about outsourcing your IT security solutions?

Sure! IT solution vendors provide the necessary assistance and recommendations that an internal source cannot supply. However, to find the right one, you need the corporations that can take full responsibility for your company’s information security. Whilst, at the same time, also being experienced in managing unexpected incidences in case of data breach. Otherwise, you might as well leave the front door open and welcome any hacker or cyber criminal to come into your domain with a welcome mat.