Future Watch 2: Cyber Security & Individuals
Today Chris is talking to Gemma Christie about the world’s biggest data breaches, data security at your bank, your mobile phone company, the government and where Google are going with security.
G: In your original article, you linked to a pretty good infographic that was showing the World’s Biggest Data Breaches (http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/). Some of these companies were eBay and JP Morgan. How at risk are large organizations and of course, the individuals that are subscribing to, buying from or working with these organisations? Are they at risk?
You cannot drop the ball on Cyber Security
C: I think every organisation is potentially at risk. You cannot drop the ball on cyber security. You’re only as good as your previous day’s clean bill of health. I think one of the things that a security professional taught me when I was first starting out designing systems, is that the answer from security is no. Think like security. They’re not going to let you do this, so what will they allow me to do because I need that data or that transaction to break through what is a secure area.
Security people do not like leakage. They don’t want stuff that’s their organisation’s to be taken and pushed out into the open world. You don’t want rogue users in your environment, and rogue transactions in your environment. You’ve got different types of thing that you’re trying to protect, and you need different techniques and you need different types of vigilance. Be it from someone looking at a camera because you’re stopping physical intrusion, through to someone looking at trends in data performance because what you won’t see is the process that’s caused it being rogue. But what you will see is maybe the evidence of its existence because your processing time is getting longer, you’ve got unused threads and you’ve got databases that shouldn’t be there.
Understanding your system and actively understanding what’s going on and being able to report with confidence, “Yeah, I know what’s going on. My data, my system, is safe and secure.” Having that process and those robust checks and balances to make sure people are doing their job and the system is working as designed are key.
G: What do you say to organisations that still haven’t put in place those secure systems?