The traditional approach to security is no longer acceptable and many companies are not shifting their policies and protection quickly enough to deal with the fast-evolving security threats, says Martin Walshaw, senior engineer at F5 Networks.
The Ashley Madison hack this week has proven to be yet another example of businesses being unprepared for cyber security attacks.
The news of this hack has received extra attention due to the nature of the company’s service – it’s an online dating site for married people who wish to cheat on their partners. As many of us can only imagine, getting your personal details compromised in an online hack can be an unsettling and stressful ordeal. For users of the Ashley Madison site, however, this also becomes an embarrassing experience that could have a negative impact on their personal lives – particularly with hackers openly offering these user details to the highest bidder! According to reports, the details of more than 175 000 South African users of the service may have been compromised.
With the rate of data breaches showing no signs of slowing down, you may wonder whether it’s even possible to keep our online data secure. Indeed, it’s proving more and more difficult to do so. We trust organisations with our personal information, expecting they’ll make every effort to keep it safe and protected – and in most cases, they do. But consumers are now having to deal with threats that they can’t protect themselves against. The traditional approach to security is no longer acceptable in my view and many companies are not shifting their policies and protection quickly enough to deal with the fast-evolving security threats.
If you haven’t been targeted yet, you’ve been lucky. But if organisations don’t act now, hackers will continue to find new ways to compromise their systems and steal their data. Unfortunately, there is no silver bullet to solve the issue so many are now facing. However, organisations should start by looking at what they’re trying to protect and what it is hackers might be looking to compromise.
Increasingly, the vectors of these attacks are multi-threaded. For example, while a distributed denial of service (DDoS) attack might be ongoing, it is often designed to distract the security and IT team while hackers attack your applications surgically elsewhere to gain access to your data. The usual focus areas for these attacks are the applications, where a hacker may exploit the application logic or the people using these applications.
As the lines between the professional and social use of technology continue to blur, it is vital that we start to really recognise the significance of these attacks, how likely they are and how damaging they can be. The growing number of attacks being covered by the media certainly helps to emphasise how serious cyber threats are, but many businesses remain vulnerable to these virtual attacks. Whether or not they think their company could be a target, organisations need to be prepared and ensure their customer data is protected.
With the Ashley Madison hack, it has been interesting to see how the industry is split around the morals of it. But regardless of your views on this company and the service it offers, this is an unacceptable breach of online privacy. If we start separating hacks into those that are acceptable and those that are not, where does it stop? What if a group like the Syrian Electronic Army decided to take aim at any service that offended their views? Where would that leave us? If we want to keep businesses and consumer data safe from hackers, we need to be on the same side of the fence, rather than deciding whether a hack is moral or not.