FinTech Finance report on the ‘The Cybersecurity Perfect Storm’ breakfast briefing hosted on Wednesday 16th January, 2019.
Non-FinTech Registered Users – Read here
Registered Users – click below
A Transcript of the article is also below:
“Don’t have your pet name in your password” laughs Mark Borkowski as he opens the talk. Set against the backdrop of London’s The Ivy Club, a full audience loos forward to hearing entrepreneur and ex-hacker, John Safa, talk about his take on the future of cybersecurity.
Staying on the topic of email security, Safa explains that email scams are getting more and more sophisticated. The problem is that email fraudsters can utilise artificial intelligence and all of the data collected on us from social media to create highly personalised emails that are much more difficult to identify as scams. So, don’t expect scam emails to be from foreign royalty anymore!
But when thinking about cybersecurity for businesses, the problems don’t stop at email threats. “The big cybersecurity headlines always talk about the consumer data that’s leaked whether that’s credit card numbers or email passwords, but the thing that no one really thinks about is content” Safa tells the audience.
The way that we share content has changed. Email wasn’t designed for sharing rich media so a lot of file sharing within businesses has moved to other applications, most notably WhatsApp. Safa explains, a lot of people assume that WhatsApp is secure because of its end to end encryption services meaning that data can only be on people’s personal devices.
The problem is that WhatsApp was built for consumers, not businesses. WhatsApp data may be encrypted but the data is stored on a server that isn’t owned by the business. In fact, the data is owned by Facebook, who, let’s be honest, have a questionable track record on when it comes to data protection.
But data ownership isn’t the only problem. Safa explains, “everybody has a friend of a friend, and that’s where the problem lies.” Whilst content remains within WhatsApp it’s still encrypted, but if that content is downloaded or screenshotted it’s no longer protected.
“I think the way we approach digital content in a much more careless way than we do physical content” continues Safa. If you had a business-critical document in front of you that had ‘confidential’ watermarked all over it, you’d be a lot more careful about who could access it. When the same document is accessed in digital form, people become more nonchalant when it comes to privacy.
Perhaps this is because only 30% of businesses carry out data security training for their employees. This statistic cited by Safa seems to act as a catalyst for most of the audience as it suddenly dawns on them that they’re in the 70% who don’t offer data security training and they should probably sort that out soon. Education is the best way to minimise the damage that hackers can do, because if people understand the best practice ways of handling documentation securely, then it’s less likely to end up in the hands of malicious programmers.
“So are things going to get better?” asks an audience member timidly, “because so far it’s been pretty doom and gloom.” Safa and Borkowski share a look before saying simply, “no.”
New technologies are creating a hyper-connected world, and as everything becomes and more connected it’s so much harder to protect all the personal data’s put out into the world. The advent of 5G which is going to start being rolled out in the UK later this year is going to make connection faster than ever, which seems like a great idea to everyone except cybersecurity experts.
One of the main benefits of 5G services is that it will allow the expansion of the Internet of Things. Now, one of the most notorious data breaches in recent history was the 2016 Dyn cyberattack – a denial of service attack that rendered hundreds of services offline including Netflix, Spotify and Amazon. This attack was assisted by unsecured IoT devices like printers, security cameras and even baby monitors. Safa predicts another attack like this one, but on an even larger scale. But, he also predicts that such an attack could be the kick businesses need to start thinking about their data security this a lot more seriously.