Foreword
Security is all of our concern, whether you are a receptionist or an engineer, and whether you work in an office or from home.
We all have a part to play, in ensuring our organisations and systems stay secure.
As we continue through Cyber Security Awareness Month (CSAM), I wanted to ensure that people are aware of some of the 'core' security concepts.
Over the course of CSAM, I will be writing posts about aspects of cybersecurity / mainframe-security.
In today's post, following last week's Z Day, I shall briefly outline a few points about how the "Internet of Things" is quickly becoming the "Internet of Risk".
|
A Quote for the Modern Age
"Hackers are breaking the systems for profit. Before, it was about intellectual curiosity and pursuit of knowledge and thrill, but now hacking is big business."
This is a reflection from Kevin Mitnick (aka 'The Darkside Hacker').
Kevin became infamous for his high-profile 1995 arrest that lead to five years in prison, following various computer and communications-related crimes.
In the years following Kevin's arrest, cyber-crime has become drastically more sophisticated, especially where organised groups invest in skills, tools, and processes to take down targets.
Be it government agencies, research institutions, or corporates: Where valuable data can be found, hackers will try to: Investigate, infiltrate, extract, and extort data
This could be for monetary gain (e.g. Ransomware), on behalf of another entity (e.g. Industrial Espionage) or for a Nation-State (e.g. military secrets).
|
Connected People; Connected Risks
The world is more connected than ever, which is both a blessing and a curse.
For better or worse, modern networks will connect everything from office computers and bank accounts to baby monitors and pacemakers.
Unfortunately, coinciding with the ability to communicate across continents has come a decrease in our collective digital safety.
Sure, we can talk with people on stable Zoom calls and message seamlessly between devices, but we are now more at-risk of malware and phishing.
|
The Unsurprising 'Internet Distrust'
Many of us are using the services of corporations who flaunt promises about data privacy, but these are found to ring hollow.
Is it any wonder that increasing numbers of people believe that their data is less secure than ever before?
For example: From a 2019 survey of 24 countries, it was found that 80% of respondents were concerned about online privacy, with one-in-four saying they did not trust the internet.
Often these companies sit idly while our personal data is being compromised, stolen and leaked with disturbing regularity.
|
Trading our Privacy for Convenience
Privacies that we may have previously taken for granted are being steadily exploited in exchange for frictionless convenience.
As a society, we are effectively trading our information for faster checkouts, despite understanding how likely it is that said information will be leaked.
According to Statista, roughly two thirds (66%) of the nearly 8 billion people in the world, have access to the internet.
From the approximately 5.35 billion individuals with internet access, it is estimated that 90% of the entire world's data was created in just the last two years.
Much of that information is data that we are freely giving away for a negligible benefit.
|
Who holds our data: The Ugly Face
Hypothetical example -> You signed up for a loyalty card at a pet store. Now your information will be sold to companies looking to market toward pet owners.
This is how data brokers come to amass a horrifying amount of information about us: Thousands of "leading brands" sell information from their database to brokers who you don't know.
The Privacy Rights Clearinghouse reported that there are currently 270 data brokers in the world who collect and sell all kinds of personal data.
Despite "Data Brokering" being a relatively new industry, brokers already have information for a pretty sizable amount of the population with a single company Acxiom purports to have data from 2.5 billion different people in 2023.
However, the morality of this practice is highly questionable, with one company selling information for people with health conditions like anorexia, substance abuse, and depression.
Pam Dixon, executive director of the World Privacy Forum, revealed disturbing lists that she has found for sale from data brokers including a "Rape Sufferers List".
Do we really want to have a miniscule amount more convenience in our lives, as the cost of giving away such personal information?
I should hope not.
------------------------------
Niall Ashley (he/him)
Consultant in Mainframe Security (RACF)
Vertali Ltd
------------------------------