If time has allowed you to keep up with the latest technology news, you will have seen in the media a statement from the Australian police that an unnamed international firm based in Brisbane, Queensland, Australia was hacked recently.
Valuable client data was stolen, and the organisation was forced by the perpetrators to pay a ransom in Bitcoin for sensitive client data that was now held outside its control. The company duly paid thousands of dollars in Bitcoin; the perpetrators then escalated their demands by threatening a senior employee's child with online attacks.
Now why did the Australian police bring this into the public domain? Simply to make people aware of the potential for such an attack, to ensure that individuals and organisations are vigilant about their own security systems, and to ensure that anyone else who has faced, or may face, a malicious attack contacts them from the outset.
The case prompted acting Assistant Commissioner Brian Hay to warn that businesses should never give in to extortion demands, and that they should also be wary of posting personal information on social media that could be exploited as leverage by cyber criminals.
Now, I am completely respectful of all hackers' ability to concertedly "attack" a technological system, gain access and move around with ease. We read about such occurrences frequently in the paper, with much emphasis being placed by the authorities on the penalty which is then passed down to such perpetrators.
Although, truthfully, I remain deeply concerned that some organisations do not fully appreciate the sensitivity of such data, and therefore the direct monetary value of the client data that they hold on their systems, particularly when those very firms may be instructed by a client who has only divulged such personal data because they TRUST those firms. As such there is, quite rightly, an assumption that those firms have taken every security precaution across their network to protect such data and to ensure that it does not enter the public domain at any point.
Some such data-sensitive organisations do full financial background checks, comprehensive police checks and social media checks, and ask employees to enter into confidentiality agreements, to protect their client data from the potential in-house threat.
But complacency about technical security can allow a pinprick opening to appear in those systems (something as small as a single unpatched service, an exposed port or one phished password), and that is potentially sufficient for an unauthorised visitor to work on. After a little focused work, the hackers turn that minute indentation into a hidden entry and exit point to the system. And truthfully, that is all it takes: not a large gaping hole, but merely a pinprick from which access can be gained.
I also believe that some organisations can be a little complacent about the security systems they have introduced and do not fully appreciate the necessity of being vigilant, on a day-to-day basis, to ensure the continued strength of those systems against attack.
Any security system must be tightly maintained, with regular "stress testing" to measure and actively demonstrate its resilience against potential attack; this should be an ongoing protocol, not a one-off exercise.
Security costs money; it is not an initial spend followed by the thought that it is "job done". It should remain a managed, ongoing spend, keeping abreast of the latest security provisions coming onto the market.
If you think it is "job done" for your personal or company security, then potentially expect a visitor. Some may access your systems just for fun, to highlight the failures in an organisation's so-called "security"; some may enter to expose what they consider to be data that should be brought into the public domain; and some may enter for totally malicious and/or monetary reasons, in order to benefit directly from such an obvious security failure.
Am I sympathetic? Well, very truthfully, no: everyone, whether an individual or an organisation, has a responsibility to ensure the safety and security of their security technology and related sensitive data.
Lack of understanding and appreciation results in apathy, and any degree of apathy is what hackers will naturally be drawn to. Be warned and be vigilant; please do not let an indentation develop into a hidden access and exit point into your technology and related data.
So why did the Australian international firm wish to remain anonymous? That would clearly have been a well thought out business decision. The organisation could not afford for its clients to become aware that their data was out of the firm's control, given the impact that is likely to have on the business, through either client withdrawal or being sued by those clients for failing to protect their sensitive data.
As an international organisation, that would naturally highlight the security failings of the Brisbane office, which may well have been mirrored across the network at its other offices around the world; but who knows, perhaps someone in Brisbane just left the back door ajar!
So please be vigilant, and make a daily investment in giving your thoughts over to data security as an issue for you personally, or for your organisation.
Regularly stress test your security system and make a consistent, managed investment of time and money to ensure that your data security remains as Fort Knox-secure as technological advances allow.
And just a little reminder, which I hope you do not really need: never, never, ever connect the second computer that holds your bitcoin wallet to the internet. That machine holds your private keys and should stay air-gapped; it should never enjoy the fantastic view of the WWW, for obvious wallet safety reasons.