Cyber Security : Time to Get the Basics Right

Sometimes I get completely dumbfounded at the pace of technological innovation. Rummage into some of the latest stories in the world of technology, odds are high that ongoing inventions would leave you stunned. And being a tech-freak, I must confess, nothing else in life gives me an adrenaline rush than bright evolving ideas, particularly in the field of information technology.

Indeed, the other day, I got startled to find how one scientist from the University of Rochester in New York is scripting an algorithm, which would help in decoding the human gestures!

A host of other advanced technologies have also completely transformed the way we do our business or conduct day-to-day activities.

Staying ahead of the competition is easier now as big data analytics allow us to capture and analyze data in a real-time. Artificial intelligence, which minimizes or completely leaves out human intervention, makes driving one helluva experience through driverless cars, while 3D Printing helps in streamlining manufacturing processes.

Increased digitization and web connectivity in our daily lives, however, exposes us to innumerable vulnerabilities arising from cyberspace. As a risk-consultant, for the last two decades, I must confess, our attitude towards security of IT systems and internet-enabled devices remains lackadaisical.

I was in Manila last summer, participating at the IT security conference. I was one of the speakers. Before sharing my concerns about organizations’ lurking IT systems related risks and suggesting possible preventive measures, I asked my audience—which comprised of CIOs and CISOs from an array of industries—one simple question: How many among you change your passwords very often? Not many hands got raised, which led me to conclude that our overall approach towards IT security is not up to the mark.

More and more banking transactions are done through mobile phones. But our mobiles are extremely vulnerable to hacking. Even the best operating systems in the market are not foolproof. The recent episode where researchers identified three security gaps in iOS could have allowed hackers to snoop on us and keep a track on all of our logs. Two malicious software programs: Aceard and GM Bot, capable enough to bug both Android and iOS applications and drain bank accounts were recently discovered by the law enforcement agency in the U.S.  

Here I don’t mean to say that one should stop using mobile phones for commercial purposes. Instead, be mindful of vulnerabilities. Try to figure out how you could plug security gaps. Vendors often release the product security updates. Always stay informed. And if you are aware of any security gaps and available remedial measures, implement those.

Your private keys that give access to many important accounts are typically stored in internet-enabled devices or hard drives for the sake of convenience. That’s asking for a trouble. This is not the safest way to secure passwords in ever expanding but increasingly complex cyberspace. With the advent of technologies like the internet of things (IOTs), your highly classified information, and data are constantly under threat from cyber criminals. Denial-of-service assaults or data theft could leave you devastated.

In this backdrop, it becomes vital to safeguard our passwords. Those strings of alphabetic and non-alphabetic characters should not only be strong but also need frequent rotations. At a higher level we need to change our attitude towards securing our data by being more alert, mindful of what personal information we provide on Internet or social media.

 Finally we need to imbibe the principles of providing information on “need- to- know” and “need- to- do” basis and a culture of being risk aware in this increasingly connected world where there are no boundaries.

Some might call it as paranoia. But it’s better to be paranoid when it comes to protecting information. As the famous saying goes: “Complacency Kills. Paranoia is the reason I am still alive”.

 About the author: An inspired Innovator, investor, and mentor for some new age cybersecurity companies besides being a recognized thought leader in areas related to Governance, Risk and Compliance.

ARCON provides state-of-the-art technology aimed at mitigating information systems related risks. The company’s Privileged Identity Management / Privileged Access Management solution enables blocking unauthorized access to ‘privileged identities’, while its Secured Configuration Management solution helps to comply with Governance, Risks, and Compliance (GRC) requirements .

Need a solution for safeguarding critical IT assets? Please contact us