Cybersecurity for Auld Lang Syne
Whether a product or service is old or new, cybersecurity remains a paramount issue.
With the new, there will always be a period of security concern after launch. We have seen this with the Internet of Things (which has proven to be an extended period), so it’s no surprise that Disney’s new streaming platform, Disney+ is now at the center of its own security concerns: namely that user information has been hacked from the service and is now being sold online. Kevin Mayer, however, Disney’s Direct to Consumer and International division head, denies any sort of security breach. He speculates instead that previous data breaches from other companies are responsible. Moreover, he states that the company’s policy is to constantly audit their security systems and lock any account where suspicious logins are observed. The user is then contacted directly.
Well, personally I’ll be glad if the service’s security matches Disney’s confidence, cause I still plan to get it.
But even a service that is more tried and tested has to keep special lookout for vulnerabilities. Something taken for granted, as simple as SMS messages can be at risk. Case in point: security researchers Noam Rotem and Ran Locar, who we’ve talked about before, discovered a database storing tens of millions of unencrypted SMS messages between companies and colleges and their customers and students. These entities use a provider named TrueDialogue, which owns the database, to send out messages in bulk; the recipients can also reply back. Within the stored messages were financial information like university applications, online medical service access codes, and credentials for Facebook and Google accounts. And those were just some of the contents. At this point we need no further reminders about compromised social media accounts.
Now, remember, all of this was unencrypted in the database. Perfectly clear to anyone accessing it. Generally these days we don’t see that base level of security neglected, but here we are. As we head into the new year it’s important to remember the areas of weakness posed by technologies both new and old. That goes for anything like text messages, and especially legacy systems. When it comes to older software and applications, securing the data to comply with modern standards can seem a daunting task; overhauling to new systems even more so. Regardless, it’s key to keep your policies up to date, simplify where possible, and prevent breaches wherever you can.