Group efforts are required to secure data
A number of sites have recently experienced data breaches, and now the stolen information is up for grabs on the dark web. ShinyHunters, the hacking group reportedly responsible for these breaches, is offering over 73 million records from sources like the dating app Zoosk, the Star Tribune, several South Korean fashion and furniture sites, and an assortment of other places. If you heard about this month’s breach of Tokopedia, the online Indonesian store whose database was fenced on the dark web for $5,000, that was the same group.
The scale and speed of these attacks illustrate the risks faced by the 4.5 billion people who went online last year. As we’ve said countless times here, against such forces every individual is their data’s own best guardian. Above all rules and regulations and policies, no one can look after your security better than you. As Security Boulevard’s Christoph Schell says, cybersecurity only works if everyone plays their part.
What this entails is no different from the topics we regularly discuss. People clicking on phishing emails by mistake, reusing simple passwords across multiple accounts: this is nothing new. And yet the simple act of not clicking a link can save people a world of headaches. We’ve also seen research in the past that demonstrates the high risk posed by insider threats, intentional or not. Knowing the difference between legitimate and fraudulent emails can prevent someone from being the weak link in an organization, especially as the Internet of Things (IoT) continues to proliferate, connecting more people around the world while also vastly expanding the attack surface for cyber criminals. Just imagine if you have a whole connected smart city. If I were a hacker, I’d be salivating at the prospects of what I could attack.
That is why it’s crucial for companies and agencies to provide comprehensive security and privacy training to people who might not be equipped to tackle it alone. It’s a “strength in unity” deal. Daunting though the task may seem, no one individual has to take on an enormous burden. Security must be considered from the top down in all of an organization’s actions, both in terms of policy and purchase. IT teams have their role to play, but they alone can’t ensure data protection across the entire enterprise.