Innovation. Productivity. Growth. We value these things. We put them at the centre of our business approach. But what about security?
Technology advances when someone builds on what’s already available. Do not reinvent the wheel; attach it to a cart (or a bicycle, or an all-terrain, voice-activated robot). This is all well and good if we are working with wheels, but what happens when it gets a little more complicated?
Today, we are building larger and more impressive platforms on unsafe, insecure and at times untested technology. Think of the popular app that ends up inadvertently sharing its users’ bank account numbers with a few curious hackers, or the cool “smart” fridge that’s still dumb enough to get taken over by bots. These systems are far from perfect. Of course they will be improved, but the next iteration of the platform will not address the cybercrime problem. Instead, it will have more features, better speed, better performance, and better marketing.
Salespeople are very good at selling their product or service. They know that shiny objects and new features get our attention. But if what they are selling only ticks the productivity, growth or innovation box without bothering with the digital security and compliance box, you’re better off going back to typewriters and carbon paper.
We need to step back and make sure our systems are secure before they become an integral part of our lives and businesses. It is no use having the most convenient cloud storage if you have no idea how your client list is being kept safe.
In my business we see these failures regularly—daily, in fact. We’ve learned to think like the cyber criminals. We have to look at the system and work out what the bad guys are going to use it for. In my regular speeches I talk about pagers, the quasi-status symbol of fame and fortune in the ’80s, used by common criminals and pimps. No idea what they were designed for, but that’s what they were used for. It shows how the criminals always adapt technology to their own needs.
In today’s world, the criminals use Facebook and LinkedIn. We use these sites to vet prospects, look at people’s online personae and work out whether we should associate with them on a business or personal level. The bad guys do the same thing. They look for specific requirements within a profile (place of work, income, interests), and then with that information, they create a campaign to specifically target that profile. That’s spear phishing. They will send you an e-mail that looks legitimate, like it might come from someone you know. It’s bundled with high-level, undetectable malware.
Once in, your computer is no longer yours. That is BAD.
We still have a long way to go before the digital world is as safe as some of the dark alleys in your city. We have to start somewhere. Technology providers have to put the brakes on the rush to sales and revenue, and temper it with more security. Managers need to get educated and lose the “I want it now” mentality. And ordinary users have to become much more sceptical about what they spend their money on. It makes no more sense to buy an app or cloud storage system with poor security than it does to buy a 500-horsepower luxury car with defective brakes.
If we don’t change, then attacks like the ones on Target and eBay will become routine—and we regular punters will always be the ones worse off.