For a long time now, data security headlines have been reserved primarily for mass breaches of international enterprises as the IT industry struggles to move on from outdated security systems.
Although they grab the headlines, large enterprises are not the only organisations targeted by hackers.
Smaller organisations would be foolish to ignore the possibility that they will suffer, or have already suffered, a data breach. Fortunately, the ‘Have I Been Pwned’ website can help put minds at rest, at least temporarily, by showing whether an organisation has already been hacked.
As technology and the way businesses transact with each other continue to develop online and in the cloud, alongside the ever-increasing use of social media sites, mobile devices and applications in the workplace, hackers’ appetite for this data has continued to grow.
The ‘Have I Been Pwned’ website is a useful indicative site for a high-level check on your email accounts, both business and private, to see if you have already suffered a breach, and also to check whether any organisation that you may be planning to share your data with has too.
The site reveals which organisations have been hacked and what information has been accessed. The growth in appetite for this data has led to greater threats to an organisation’s security and has resulted in severe and regular data breaches at organisations such as Adobe, LinkedIn, MySpace, Tumblr and Dropbox.
The common information that is stolen? Email addresses and passwords.
The site cannot prevent future attacks, but it does highlight a recurring issue: the ease and regularity with which someone’s email address and password can be accessed, and these, due to human nature, are often reused across many outlets.
If a hacker has obtained those pieces of information, it is very likely that they can now access countless accounts for that individual.
Many enterprises don’t completely appreciate the impact of a data breach on their business. Apart from the obvious embarrassment and threat to reputation, a data breach should not be merely shrugged off as a mistake or temporary glitch.
Consumers, customers, clients and investors will not cast aside the news that their data has been shared publicly, especially if their emails and passwords are used across many formats which may include personal, health and financial information.
In terms of business impact, data breaches are costly to fix, result in regulatory fines and cause job losses for the people who were employed to prevent them from happening.
On the day of the breach, a company’s share price will inevitably take a hit, and whilst that is reconcilable in the future, the long-term reputational damage and opinion from customers will not necessarily be repaired.
The obvious problem throughout data security, and the reason why these hacks keep occurring, is the outdated systems that are in place.
Most current password security systems for business applications and websites are flawed. Designs that were acceptable a decade ago have simply not been improved, whereas the intelligence and ability of the hackers have.
Organisations keep hitting the headlines after being hacked and losing a large amount of people’s private information, but instead of trying to find better solutions, the IT industry has continued to operate under a system of password acceleration across multiple, often incompatible systems.
LinkedIn issued a statement telling users to change their passwords as soon as possible. This isn’t a step towards fixing the problem and seems more of a ‘papering over the cracks’ solution off the back of suffering a breach.
Complex and hard-to-guess passwords alone are not enough, and changing your password doesn’t prevent a similar breach happening again.
If a site is hacked or passwords are not stored in an encrypted format, high-risk data still has the potential to be compromised. What’s more, passwords can still be stolen and the encryption broken.
The issue has continued to worsen and shows no sign of stopping. Companies have had too many wake-up calls, with passwords evolving into an indefensible means of authentication.
All technology must adapt to an ever-changing industry, and despite passwords serving a purpose for years, it is time for IT to change its mind-set towards security.
Businesses can now check if they have already suffered a breach; if they haven’t, they should take the required steps to prevent it happening in the future.
Sourced by Dave Worrall, CTO at Secure Cloudlink