What can we learn from Equifax and Deloitte hacks?
We live in a world that is increasingly defined by technological change, particularly the way we work.
From multinational organisations to local SMEs, information technology and the Internet of Things are driving the progression of operations and service in countless ways.
Every business, big and small, must now consider themselves a digital business, if they are to remain competitive within their sector and reach as many potential customers as possible.
In turn, this shift towards digital has spurred on the progression of cybersecurity across all commercial industries. It’s common sense really: as our digital infrastructure continues to grow, so too does the need to protect it.
As part of our ongoing efforts for National Cyber Security Awareness Month, I’d like to underline some of the data protection challenges that modern businesses are currently contending with, as well as offering a few tips on how to fortify their defences.
You don’t need to be an industry expert to recognise that high profile cyber attacks and large-scale hacks are cropping up more and more every year. The most recent examples – involving international giants Deloitte and Equifax – shed further light on the need for businesses to review their digital security systems and keep pace with rapidly evolving approaches to hacking.
In the case of the Deloitte data breach, the security of its systems were compromised for at least four months before it realised there was an issue. The sophisticated hack involved the leaking of user names, passwords and confidential emails from the firm’s wealth of blue-chip clients.
As for the Equifax data breach, the true scale of consequences is still being uncovered and has since led Richard Smith to step down from his position of CEO. As many as 143 million people are said to have been affected so far.
One of the main worries is that these extensive breaches went undetected for so long. Much like the infamous WannaCry ransomware attack earlier this year, which spread havoc on a worldwide scale, both scandals have severely dented the reputation of each respective company, prompted a number of civil lawsuits, and highlighted the need for far tighter data protection legislation.
If there’s something to learn from this it’s that ensuring the security of websites, apps, connected devices and other online assets must be considered a chief objective for all businesses. At Secarma, we work closely with hundreds of organisations to bolster their cybersecurity systems wherever possible, and to implement training that embeds a culture of security.
Let’s take a closer look at some of the key factors at play here:
Testing your systems – There are few better approaches to spotting holes in the security of your digital assets than by simulating a cyber attack. By conducting a controlled ‘hack’ that tests the vulnerability of your private databases, a business can see exactly where it needs to implement additional security measures.
Patching your systems – Ransomware viruses such as WannaCry were allowed to spread because they exploited a specific vulnerability in a previous version of Microsoft. This could have easily been prevented by their systems had installed the latest security patch.
Training staff effectively – All employees connected to a centralised computer system must have a basic understanding of security patches, phishing and social engineering attacks, so that they can spot potential threats with relative ease.
Backing up data regularly – In the event of a cyber attack, having a previously stored version of your data that is readily accessible can certainly mitigate the impact of a serious incident. All data should be secured safely, and fully encrypted so that is remains inaccessible to external threats.
These steps provide a strong cyber security foundation for any business. As we continue to advance deeper into the digital age, the need to remain vigilant and prepared for the evolving nature of digital threats is becoming more and more critical to success.
Written by Paul Harris, managing director of Secarma.