As you arrive at work this morning your eye sees the headline of the paper expressing concern that every single person in the UK has become a victim of cyber-crime. Yes, all 65 million inhabitants of this little rocky outcrop in the North Atlantic have had some of their personal data compromised.
Sounds like the opening scenes to a big-budget disaster movie, doesn’t it, but what if this was true? The big story of the cyber week was that Dropbox, the cloud storage goliath of choice for many, had suffered a data breach of such magnitude that 68 million accounts had been compromised.
The reports do vary in numbers, from 60 million to 68 million, so it’s a fair assessment to say that it is equivalent to the population of the UK, which currently stands around the 65 million mark. These numbers are staggering and show how cyber-crime scales to levels that many of us simply cannot comprehend. Imagine if everybody in the country had their bank account hacked, their phones remotely locked, or their social media profiles frozen; there would be wide-scale panic. There would be complaints, there would be protests and there would be investigations. So what is happening in this case with Dropbox?
They have posted an apology on their blog and suggested that users change their passwords. Their apology and explanation do say that at this time they have no indication that accounts have been improperly accessed. However, they do admit that the hacked email addresses and passwords that found their way onto the dark web were genuine.
Now I’m not out to have a go at Dropbox; quite the contrary, they have responded quickly, efficiently and with utmost professionalism in order to resolve the issue. What concerns me is that we are now in the age of the ‘mega breach’, where tens of millions of unsuspecting users are compromised and it garners nothing more than a tacit response of bewilderment and resigned acceptance that these things happen.
Dropbox is a big company with around 500 million customers; they are conservatively worth billions of dollars and no doubt have a dedicated team of security professionals working for them. If they can suffer, then we all can. No matter what size of organisation you are, you are at risk and you need to do everything you can to mitigate that risk. Will Dropbox now be investigated for this breach? Will they suffer from reputational damage and lose business? Or will there be a collective shrugging of 60 million shoulders that cybercrime, rather than being something that happens to other people, is now just a sad fact of life?
For a while, many cyber professionals I have spoken to have believed that the general business populace will start to take the threat from cyber-crime ‘more seriously’ when there has been a breach of such huge proportions to a well-known company. Is this that breach? And will we now see more companies taking up the cyber security basics of Cyber Essentials and start to address cyber security as the genuine threat that it is? I’d love to know your thoughts.
For links to all these stories and more, or to contribute with some comments, join us by searching for the National Cyber Skills Centre on our social channels of Facebook, LinkedIn and Twitter, or just click the relevant links from our website.