The Week In Review 29th January 2016

stuart-wilkes

It’s always fun to be present at the birth of a new superlative: ‘Megabreach’ dropped into my life this week as a new term for the huge data breaches that came to prominence in 2015 and will continue into 2016. MIT Technology Review coined the phrase as they tried to make sense of what can be done to stem this seemingly unstoppable trend.

Mega, derived from the Greek megas meaning ‘great’, is often attached to the name of something to highlight its sheer size. The data breaches that have been reported to date certainly do meet this criterion – U.S. Office of Personnel Management: 21.5 million records, Ashley Madison: 37 million records, J.P. Morgan: 83 million records. Those numbers are indeed ‘mega’, and to put them into context, the entire population of Germany is estimated at 81.5 million. How big can these numbers get before they start to drop? Or before the year is out will we get to a ‘Gigabreach’?

The military, which has had its own share of breaches, is starting to take a stance on cyber security that, if history repeats itself, will slowly find its way into the civilian market. For years, technology and processes devised and developed for military use have bled into all of our lives. Satellite imagery, liquid crystal, LED, even the Internet itself started as a military project. The UK MoD is now insisting that all supplier contracts with them require having the Cyber Essentials certification in place. According to a post on their website from December, this also includes the entirety of the supply chain and subcontractors. They are also stipulating that this certificate is to be renewed annually. However, they do admit that this may not be enough: their own website reports that “the Government’s Cyber Essentials scheme businesses will protect their information assets from almost 80 per cent of Cyber threats”, so there is still a significant risk. There is no doubt that once in place these requirements will be enhanced, tightened and stringently enforced. This requirement does provide leadership that the private sector would be well placed to follow. If the major financial institutions, retailers and healthcare providers all took a similar stance, then the prevailing culture of cyber ‘ambivalence’ amongst many may start to swing towards a more cyber aware and cyber responsible workforce.

One tool that is causing concern at present, which could benefit the fight against cyber crime, is encryption. Many technology companies want to implement strong encryption technologies into their products. Apple has stated that even they cannot read the contents of customers’ messages that they store on their servers. However, not everybody is happy. The criminal investigation organisations and government intelligence organisations want ‘back doors’ left in encryption so that, if needed, they can monitor communications for the prevention of terrorism and other organised criminal activity. What is the answer? Protection of privacy? Or back doors for the spooks? The quote from Bruce Schneier on MIT Technology Review, “If the FBI can eavesdrop on your text messages or get at your computer’s hard drive, so can other governments. So can criminals. So can terrorists.”, sums it up well. If there were a back door, then those that the intelligence organisations are attempting to monitor may take advantage of it themselves. I cannot see an easy answer on this one.

One thing that seems to finally be moving from concept to reality is the rise of the Internet of Things (IoT). It is estimated that by 2020 over 21 billion things will be connected to the internet, communicating, sharing data and adding value and automation to our everyday lives. However, as everything from ‘smart’ children’s toys to your next car gets hooked up, security specialists are warning that the security vulnerabilities on these new devices are not being addressed. If this situation is allowed to continue on its current trajectory and security standards are overlooked by the manufacturers in favor of functionality, then 21 billion devices could be hacked – now that would be a ‘Gigabreach’.

For links to all these stories and more, or to contribute with some comments join us by searching for the National Cyber Skills Centre on our social channels of Facebook, LinkedIn and Twitter, or just click the relevant links from our website.
