2015 is the year to think about your IT security
2014 was a big year for IT Security awareness – it was the year when companies finally started waking up to the risks that can be caused by poor IT Security policies.
In late 2013 the US retailer Target was compromised by Malware placed on their POS (Point of Sale) machines. – over a three week period over 40 million credit and debit card details were stolen, along with 70 million addresses, phone numbers and other personal information – these cards, along with personal details are now available to buy online. For Target, it couldn’t really be any worse, they have failed to protect their customer’s private information. Information that a lot of the customers probably didn’t even realise was being stored. Needless to say, the CEO stepped down, probably forced upon him by the fact that these attacks probably could have been mitigated had certain warnings in their security infrastructure been acted upon. It did get worse for the consumer though, just a few months later in March 2014, a breach was discovered at another US retailer Home Depot. Likely carried out by the same people, this time the fraudsters managed to ex-filtrate 56 million credit & debit card details, along with 53 million email addresses.
At the end of 2014 we seen another huge attack – this time on Sony Corporation. Whilst the attack only came to light recently, it looks extremely likely that the cyber-intruders had been inside Sony’s systems for at least a year ex-filtrating data. Carried out by a team that calls themselves ‘Guardians of Peace’, the hack was said to be in retaliation for the release of Satire film The Interview. The hack stole huge amounts of data from Sony, including personal details of staff and celebrities, 47,000 social security numbers, pre-release films, private emails and much more. Sony decided they was no longer going to release the film after threats that whoever screens the show would be subject to attacks themselves. The film did receive a somewhat limited release on Christmas day and online at smaller theatres.
And finally, there was of course the iCloud hack. Which caused the somewhat ‘compromising’ private photographs of many celebrities to be leaked online. This was a multi-faceted problem, as it was almost certainly a problem with weak passwords on the account which could have been mitigated by using Two Factor authentication. However, whilst Apple was implementing 2FA well across most of its products, it hadn’t done so for iCloud which allowed iCloud accounts to be brute-forced and eventually compromised.
So with the aforementioned hacks of 2014 in mind, we’d strongly suggest thinking about your IT Security policies. Just because your business is smaller than the corporations above, it doesn’t mean that you are not at risk. It also doesn’t mean that you are helpless, the companies above had hundreds, if not thousands of endpoints for the hackers to gain access.
2015 is the year to enforce responsible computer use and adequate IT security.