The relatively short history of movies and television
programs portraying hacking provides us with a little insight into how hacking,
and by extension, cyber security is a widely misunderstood phenomenon. One of
the pioneers in the genre, the 1995 film Hackers,
depicts a group of computer whizz-kids who wear sunglasses whilst hacking
organizations on their computers. The hacking itself involves flying through an
on-screen maze and knowing which door to open.
 |
| Hackers movie (1995). Angelina Jolie is unlikely to come to your IT department. |
Another typical example is provided by Numb3rs, a television cop show where the
criminals are far more sophisticated than more traditional petty thieves or
bank robbers. Or at least, that’s the idea. In one scene, one detective explains
to another that an online chat room is “a place where hackers talk when they
don’t want to be overheard.” This is followed by CGI animation where two pirate
ships meet in the middle of the ocean.´
The examples of contrived cyber security breaches in
movies and television shows can be forgiven, of course. Besides, in most cases,
the hacking is only secondary to what’s going on in the main plot. But in an ironic
twist, Sony Entertainment was the victim of a data security breach in November
2014[1].
Even if the breach ultimately led to losses of around $35m – not cataclysmic –
it does show that even firms who we suppose to be digitially sophisticated (and
Sony certainly are), the benefits of cyber-security are largely undervalued.
Hacking comes into the mainstream
Hacking is no longer limited to the confines of
socially awkward males. As computers have evolved from being a mainframe large
enough to occupy a room somewhere in a university to an affordable laptop, so
the number of computer-literate people has multiplied. And not just
computer-literate as in being adept in Microsoft Windows. That’s now a given in
prosperous countries. Being computer-literate now includes programming and
developing.
A 2014 article in the Guardian[2],
titled “why every child should learn to code,” noted that “software is the
language of our world.” It’s not hyperbole. But inevitably, as more and more
people learn how to code, hacking moves from the already naïve Hollywood
portrayal to something on a much larger scale. There’s plenty of evidence that
this is already happening. Type “hire hacker” into a search engine and you
won’t have much difficulty finding someone to hack facebook accounts, e-mails
and more. And that’s only to speak of the amateurs.
It's not difficult to make the jump in logic that
with so many hackers out there, more than a few will want to cash in on their
skills, legally or otherwise. The more talented the hacker, presumably, the
greater the temptation becomes. And all the more so when many of those same
individuals can effectively hide their identities. The perfect
21st century crime as it were. And it’s coming to an IT department
near you.
Big data, big dangers
This may all come across as a little dramatic or even dystopian but the reality, as many corporations are finding out, is that this
is now a mundane, everyday reality. The so-called big data revolution that is
sweeping through the global economy makes us far more sophisticated in one way,
and yet far more vulnerable in others. Just ask the likes of JEEP[3],
Home Depot[4],
Target[5]
and LinkedIn,[6]
all of which have suffered data breaches of one form or another over the past
two years.
What these firms have found, broadly speaking, is that
data security is only as strong as its weakest link. Norse-Corp, a “threat
intelligence” firm (the quotation marks are temporary, the name won’t be – you’ll
see it used increasingly over the coming years), audited Sony’s security
against hackers. Their findings prove the weakest link theory. In the case of
Sony, according to Norse Corp: “Their
Info Sec was empty, and all their screens were logged in. Basically the janitor
can walk straight into their Info Sec department. If we were bad guys, we could
have done something horrible.”[7]
Something horrible at Sony needn’t be as catastrophic as something
horrible at an auto manufacturer, like JEEP. Its parent company, Chrysler,
announced in July 2015 that it was recalling 1.4 million vehicles whose
dashboard security systems were shown to have vulnerability that left them open
to hackers[8].
In the wrong hands, engineers found that the software could be wirelessly
manipulated to take over dashboard functions, steering, transmission and
brakes. And these vehicles only touch the surface of where technology will
bring us. What happens in the case of driverless cars, which are theoretically
less than ten years down the line?
Conclusion: A new dawn for data
There’s one certainty: big data isn’t going anywhere.
Once we have come to terms with that reality, the question is how do we stop
hackers accessing it for devious purposes. The good news is that until now, the
vast majority of the greatest minds in technology have put their abilities to
constructive purposes and the rest of us have benefited. Further good news
comes in the shape that, with a few exceptions, this is likely to continue to
be the case.
There will always be a threat, however. This is the
new reality. Just as the data revolution has unlocked billions of dollars in
value for companies on the upside, so it can destroy billions of dollars in
value on the downside. Incidents like those at JEEP, Sony, LinkedIn and Target
are really just small battles in a much larger war that corporations are
beginning to see that they have to win at all costs. Their investment reflects
this: In 2015, global investment in cyber security is expected to reach just
under $80 billion[9].
$80 billion expenditure on cyber security is good news
for just about everyone. Cyber security is far more
than an intangible IT concept of firewalls and pop-up blockers. As data becomes
more an integral part of everyday life, the more relevant a place cyber security
has to take in our lives.
[3] http://www.forbes.com/sites/thomasbrewster/2015/07/21/jeep-vulnerability-fixed/
[4] http://blogs.marketwatch.com/behindthestorefront/2013/12/19/targets-card-breach-delivers-a-rude-christmas-surprise/
[5] http://blogs.marketwatch.com/behindthestorefront/2013/12/19/targets-card-breach-delivers-a-rude-christmas-surprise/
This is scary stuff! Even if you are computer literate it seems impossible to keep up with the endless updates and improvements made every day to our computer systems. Most of us accept that computer hacking is a reality and that nowadays governments can hack our computers in the name of national security but it's still very alarming.
ReplyDelete