Last month saw two major breaches in cyber security attributed to the People’s Republic of China on two US governmental departments.
Both the US Departments of the Interior and Homeland Security discovered this month that hackers working for the Chinese government had gained access to their databases at some point.
An estimated 18 million former and present US government workers have had their personal data exposed.
Worryingly, both departments were unsure exactly when the breach occurred or how much sensitive material was actually accessed. The fact that this was the second such attack on the Department of the Interior shows the inherent vulnerability in our online world.
Back to the 80s
It’s not just China who is guilty of state sponsored hacking.
In what has become the new form of international muscle flexing, governments across the globe are engaged in a game of cat and mouse and it’s not just limited to governmental departments.
Last year Sony Pictures were the target of a debilitating and embarrassing cyber attack that ultimately saw co-chairman Amy Pascal resign after her private e-mails were leaked onto the Internet.
So immobilised by the hack were Sony Pictures that it has since come to light the company were thrown back to operating like they did in the 80s.
Fax machines were dusted off and brought out of storage, communication between departments relied on posted messages and all salaries were paid using paper cheques.
Insiders say that Sony will never recover massive amounts of data that was overwritten by the hackers and could take years to rebuild their systems.
While North Korea is the most likely culprit, it’s not entirely clear exactly who was behind the attack, an attack that is suspected to have begun a year before it was first discovered.
Experts, including the previous head of MI5, Jonathan Evans, believe that foreign agencies are purposely targeting western businesses to gather data and provide an edge for their own business ventures.
If the last decade was about the excitement in the growth of our global connectivity and promoting big data, then this decade has been about the unravelling of that ideal.
Mass surveillance, hacking, data leaks and unscrupulous information scraping have all contributed to the growing realisation that we have to seriously rethink our approach to data.
We’ve been conditioned to put our faith in big corporations to secure our data, yet it’s now worryingly clear that very little is truly secure.
Add to this the fervent manner in which many companies go about collecting data on their users, many do not even realise the depth of personal information that exists on them.
What used to take forensic investigators months and months to unravel about individuals can now be found in a few megabytes of data.
Time to rethink security
As governments and businesses have begun to appreciate the level of threat, we’ve seen a shift away from some online behaviour.
It’s not just direct behaviour that can open a potential breach in security but our over reliance on other companies to secure our data.
Apps on mobile phones, browser plug-ins, cloud storage and VOIP services are all possible back doors to information that we once thought of as secure.
Many companies are looking to stable and secure technologies to handle their communications such as conference calling technology.
What’s certain is that we all have to re-educate ourselves as to what we think of as secure and become aware of the information we freely give away.
Any network or company is only as strong as the weakest point and in many instances the first breach in security is caused by user weakness; it’s estimated that nearly a third of all hacks are successfully undertaken by social hacking – using freely available information on a target to crack passwords.
It is suspected that in the Sony hack, a user’s password was cracked to enter cloud storage where a master-list of passwords were stored.
Our digital existence is not made up of separate entities, everything is connected and we all have extensive digital trails.