World Replete With Hackers Wreaking Havoc Across Businesses and Countries
Data is the new gold in the 21st Century, probably more valuable than oil and gas. Data control is now the ultimate power. Anyone who has data control is able to control an organization, business, government, research, marketing, elections, communication, transport and any other facet of life.
Consequently, one of the most critical issues globally today is security of data. This puts data handlers at the centre of a storm, so to speak. They are the critical cog around which data security hinges. They are required to be guided by morals and ethics, to ensure that data is accessible to authorized people only, and there is no unauthorized access or use of data by unauthorized parties.
Data security is now a very urgent and top priority in the world as many organizations and countries have found to their detriment. The world is now replete with examples of costly, painful and embarrassing moments meted out on individuals and organizations emanating from breaches of data security.
In February 2016, a cybercriminal obtained and publicly released data of over 700 current and former employees of Snapchat, an American multimedia messaging app. The criminal, through social engineering, posed as the Chief Executive Officer (CEO) of Snapchat, Evan Spiegel, and sent an email to an employee in the payroll department. Social engineering in information and communications technology (ICT) is the psychological manipulation of people into performing actions or divulging confidential information.
The Snapchat employee realized, too late, that the email address through which the request had come was not legitimate, and informed Mr Spiegel, who confirmed he had not sent the original request.
Snapchat had to undertake a major campaign among its clients to assure them of the security of their information following the attack, and provide free credit monitoring and identity theft insurance to all affected. It also had to undergo a major review of its security systems. It can be that bad.
It can actually get worse.
In 2014, a disgruntled network engineer at EnerVest in West Virginia in the US, upon learning of his pending termination, remotely accessed the company’s computers and reset the servers to factory default settings, essentially eliminating access to all of the company’s data and applications for a large part of its operations in a devastating cyberattack. Enervest is an oil and gas exploration and production services company.
The employee, Ricky Joe Mitchell, also accessed the physical offices of EnerVest before his access could be discontinued, disconnected remote backups, and disabled the equipment’s cooling system. The company remained inoperational for 30 days, unable to conduct business.
EnerVest had to spend hundreds of thousands of dollars to try and recover historical data from its network servers. It lost some of that data forever.
In 2007, protected information of seven million families in Great Britain was lost in an email sent to another government agency but failed to be delivered. Two password-protected digital disks containing the details of every child and family in Great Britain subject to benefit payments failed to arrive upon being emailed to another government agency.
In yet another data breach scandal, a disgruntled employee exposed the protected details of India’s new Scorpene submarines in a complex data breach that involved multiple governments, employees, and contractors.
According to Defense News, some 24,000 pages of classified information were exposed. The terminated employee chose to copy data to a disk, mail it, and eventually share it with a journalist.
In November 2018, Marriott International, an international hotel chain running different hotel brands, announced that hackers had accessed and stolen data on approximately 500 million customers. The attackers were able to access contact information, passport numbers, Starwood Preferred Guest numbers, travel information, and other personal data. The credit card numbers and expiration dates of more than 100 million customers were believed to have been stolen, but it is uncertain whether the attackers were able to decrypt the credit card numbers.
In Kenya, a local tech news blog site techweez.com, reported that a lawsuit was filed against a Kenyan-based telco for allegedly violating customers’ data privacy.
The data breach affected 11.5 million customers and revealed personal information, including identity and passport numbers, gender, age and sports-betting history.
In a rather gross data and privacy breach affecting elections in Kenya, United States, South Africa, India, and Indonesia among other countries, Cambridge Analytica- a data processing and consulting company- helped to manipulate the psychology of voters, thus influencing the outcome of the elections. The CEO of the company, Mr Alexander Nix, would later be suspended for data and privacy breach.
These are very few cases of data breaches whose consequences range from mild to dire. It is obvious that data security (or insecurity) affects every facet of our lives. It is extremely important that every data is treated with utmost privacy and integrity.
Data controllers ought to be ethical and extremely cautious when handling data. Proper mechanisms need to be put in place by data controllers, policymakers and industry players towards data integrity.
Some of the ways of ensuring data security include, but are not limited to-:
- encryption of all devices including during migrations,
- modifying/erasing redundant data to be indecipherable,
- investing heavily on cyber security,
- using complex passwords that are changed regularly,
- updating programs regularly,
- programs should be updated regularly and scanned for bugs, malwares and other viruses;
- regular online and offline data back-up, and
- sensitizing all staff about the need for security measures.
There are many other ways of enhancing data privacy and integrity.
The disputes and global challenges of the future will mainly be around data. Institutions must invest heavily in ensuring that their IT infrastructure is secure and impenetrable by would-be threats. Their very survival depends on it.
Every website needs to have an SSL certificate as the first step in cybersecurity practices. Truehost Cloud has partnered with Global SSL providers to provide the cheapest commercial SSL Certificates for clients in US, Kenya, Nigeria, South Africa and Globally.