Author Gary Hibberd
Well Christmas is almost upon us and we at Agenci hope it has been a successful and happy one for you. We are proud to say that Agenci has continued to see the business grow stronger with new people, new skills and new opportunities.
But as we approach the end of another year we believe it’s important to look back and reflect upon the past 12 months and reflect on the events that have taken place to see what lessons there are to learn from it. So pour yourself a glass of mulled wine, grab a mince pie and let’s take a look back at the stories which caught our eye this year…
For the world at large it has been a year that saw the term ‘phone hacking’ become a headline story. Early in the year it became clear that a number of tabloid journalists had accessed the voice-mail systems of a number of celebrities and thereby had access to information that gave them the ‘inside-scoop’!
Although ‘Phone Hacking’ exists, it in truth is known as ‘Phreaking’ and this requires relatively technical skills and capabilities. But what the journalists did was simply use standard operating processes of the messaging systems, which requires the user to enter a ‘secret code’ to access voice mail. The problem was that many of the celebrities had not bothered to change their codes(!) This meant journalists only had to tap into the system ‘1234’ and access was permitted!
Lesson 1: When you use a system (of any kind) don’t leave access-codes or passwords at the ‘Default’ setting. If you do you are vulnerable to others who know your system and look for people who are too lazy to check their settings.
‘iCloud Celebrity Nudes’
Many celebrities were hitting the headlines for the wrong reasons this year when it emerged that iCloud had been ‘hacked’ and 100’s of [ahem] “personal” pictures stored in the cloud were being sold on the Deep Web. A-List Hollywood stars Jennifer Laurence, Kate Upton and Kirsten Dunst were all victims of the hackers who are believed to have gained access either through a vulnerability in the iCloud backup process or by the simple activity of ‘phishing’ (sending out emails in the hope that the user will click an untrusted link or access an untrusted attachment).
Lesson 2: iCloud is a secure environment but like all Cloud environments there is a need to take precautions with the data and also with the backup processes. Passwords for systems such as iCloud should be changed often and two-factor authentication should be enabled.
Lesson 3: This is a relatively simple rule of life; If you’re taking “personal” images of yourself, it’s probably best not to store these electronically, on the Cloud and without good security around them! Remember, when you hit ‘save’ you have no guarantees where your pictures will end up!
Even Bond isn’t safe!
The title for the new James Bond movie, ‘Spectre’ was revealed to the world in November but quickly the headlines shifted from excitement to warnings of lawsuits as it became headline news that Sony had been hacked and early drafts of the movie-script had been stolen and were now being offered for sale on the Dark Market. It quickly became apparent that more disturbing events had taken place, with leaked emails containing social security numbers and financial reports exposed to the world.
This last week it has emerged that a North Korean hacker group has conducted the attack in response to a planned movie release which they were unhappy with. They have also reportedly detonated a series of Malware ‘logic bombs’ which have destroyed large parts of the Sony computer network, resulting in financial losses and spiralling costs. This is indeed a story that has yet to fully play out and we fully expect more details to emerge over coming months.
This was clearly a targeted attack and one of impressive complexity, but it seems that the attackers had been ‘on the inside’ for some time and it is quite possible that they also had insider help.
Lesson 4: Even the largest organisation can get it wrong. Information Security requires everyone to understand how they impact the overall security of the organisation. Training and awareness should therefore form the foundation of your security programme. In addition security needs to be constantly on the agenda and continually checked and improved. Ignorance is not a defence.
2015 – The year of the Sheep
The Chinese New Year in 2015 will introduce the year of the ‘Sheep’ (or Ram) and is said to be a good year which will see some of the political and economic issues improve and stabilise. This is great news for us all! But what about ‘Cyber Space’? Will we see this world improve and stabilise?
Our prediction is that the future will increasingly become virtualised and whilst the use of this world will become easier, it will become inherently complex to manage. Cyber Security breaches will continue to rise and businesses will have to take increased measures to protect themselves. But…
No matter how clever or complex our devices become, we need to remember that crimes are committed by people and their motivations haven’t changed much over the centuries. Greed, anger, jealously, revenge are all standard motivators to perform acts of crime and terrorism so if we can remember this, then we start to consider the threats that may impact our world and then discover where we are vulnerable.
As business owners and leaders we need to tackle this issue head on and ensure we offer the best chance of protection to our people and businesses. If we don’t do this then in the year of the ‘sheep’ you are compelled to follow the herd and tackle each issue that is presented to us.
We believe it is far better to lead rather than follow.
Agenci would like to wish all our clients, current and future a very successful, safe, secure and prosperous 2015. With the virtual universe around us expanding we know it’s going to be a busy one!
Agenci Information Security is responsible for protecting businesses from cyber threats, cyber-attack, internal threats and business outages. Agenci Information Security ensures clients systems are secure and provide peace of mind through a range of proven specialist information security solutions.
Please contact us here to speak to a member of our team.