Coming to an IT department near you

comments 0

Comment

share

Share

0

Rate

The relatively short history of movies and television programs portraying hacking provides us with a little insight into how hacking, and by extension, cyber security is a widely misunderstood phenomenon. One of the pioneers in the genre, the 1995 film Hackers, depicts a group of computer whizz-kids who wear sunglasses whilst hacking organizations on their computers. The hacking itself involves flying through an on-screen maze and knowing which door to open.

Another typical example is provided by Numb3rs, a television cop show where the criminals are far more sophisticated than more traditional petty thieves or bankrobbers. Or at least, that’s the idea. In one scene, one detective explains to another that an online chat room is “a place where hackers talk when they don’t want to be overheard.” This is followed by CGI animation where two pirate ships meet in the middle of the ocean.

The examples of contrived cyber security breaches in movies and television shows can be forgiven, of course. Besides, in most cases, the hacking is only secondary to what’s going on in the main plot. But in an ironic twist, Sony Entertainment was the victim of a data security breach in November 2014[1]. Even if the breach ultimately led to losses of around $35m – not cataclysmic – it does show that even firms who we suppose to be digitially sophisticated (and Sony certainly are), the benefits of cyber-security are largely undervalued.

Hacking comes into the mainstream

Hacking is no longer limited to the confines of socially awkward males. As computers have evolved from being a mainframe large enough to occupy a room somewhere in a university to an affordable laptop, so the number of computer-literate people has multiplied. And not just computer-literate as in being adept in Microsoft Windows. That’s now a given in prosperous countries. Being computer-literate now includes programming and developing.

A 2014 article in the Guardian[2], titled “why every child should learn to code,” noted that “software is the language of our world.” It’s not hyperbole. But inevitably, as more and more people learn how to code, hacking moves from the already naïve Hollywood portrayal to something on a much larger scale. There’s plenty of evidence that this is already happening. Type “hire hacker” into a search engine and you won’t have much difficulty finding someone to hack facebook accounts, e-mails and more. And that’s only the amateurs.

It doesn’t take long to make the jump in logic that with so many hackers out there, more than a few will want to cash in on their skills, legally or otherwise. The more talented the hacker, presumably, the greater the temptation becomes. And all the more so when many of those same individuals can effectively hide their identity from being caught. The perfect 21st century crime as it were. And it’s coming to an IT department near you.

Big data, big dangers

This may all come across as a little dramatic or even dystopian but the reality, as many corporations are finding out, is that this is now a mundane, everyday reality. The so-called big data revolution that is sweeping through the global economy makes us far more sophisticated in one way, and yet far more vulnerable in others. Just ask the likes of JEEP[3], Home Depot[4], Target[5] and LinkedIn,[6] all of which have suffered data breaches of one form or another over the past two years.

What these firms have found, broadly speaking, is that data security is only as strong as its weakest link. Norse-Corp, a “threat intelligence” (the quotation marks are temporary, the name won’t be – you’ll see it used increasingly over the coming years) firm, audited Sony’s security against hackers. Their findings prove the weakest link theory. In the case of Sony, according to Norse Corp: “Their Info Sec was empty, and all their screens were logged in. Basically the janitor can walk straight into their Info Sec department. If we were bad guys, we could have done something horrible.”[7]

Something horrible at Sony needn’t be as catastrophic as something horrible at an auto manufacturer, like JEEP. Its parent company, Chrysler, announced in July 2015 that it was recalling 1.4 million vehicles whose dashboard security systems were shown to have vulnerability that left them open to hackers[8]. In the wrong hands, engineers found that the software could be wirelessly manipulated to take over dashboard functions, steering, transmission and brakes. And these vehicles only touch the surface of where technology will bring us. What happens in the case of driverless cars, which are theoretically less than ten years down the line?

Conclusion: A new dawn for data

There’s one certainty: big data isn’t going anywhere. Once we have come to terms with that reality, the question is how do we stop hackers accessing it for devious purposes. The good news is that until now, the vast majority of the greatest minds in technology have put their abilities to constructive purposes and the rest of us have benefitted. Further good news comes in the shape that, with a few exceptions, this is likely to continue to be the case.

There will always be a threat, however. This is the new reality. Just as the data revolution has unlocked billions of dollars in value for companies on the upside, so it can destroy billions of dollars in value on the downside. Incidents like those at JEEP, Sony, LinkedIn and Target are really just small battles in a much larger war, that corporations are beginning to see that they have to win at all costs. Their investment reflects this: In 2015, global investment in cyber security is expected to reach just under $80 billion[9].

$80 billion expenditure on cyber security is good news for just about everyone. As I have attempted to show, cybersecurity is far more than an intangible IT concept of firewalls and pop-up blockers. As data becomes more an integral part of everyday life, the more relevant a place cybersecurity has to take in our lives.