LinkedIn, Twitter and eHarmony are just the latest sites to have suffered a security breach in what seems to be an ongoing catalogue of breaches and hacks over the past few years.
Are these, in the scale of things, just minor – albeit high-profile – cases, or is the internet simply not as safe as we hope and believe? A recent report on internet security from Symantec highlighted that it recorded 5.5 billion malicious attacks in 2011, an increase of 81% on the previous year. The same report also found that one in every 298 emails was a phishing attempt seeking information such as passwords or usernames, and that one in every 239 carried a virus or other malware.
“It’s a reminder that, despite security claims, any information we put on the internet is vulnerable to hackers,” said Jordana Divon on The Daily Brew. “With all the measures taken to protect individual information on the web, and all the guarantees that our credit card numbers and medical histories will be guarded under the most advanced encryption techniques, these multiple security breaches remind us that anything can be accessed by hackers with enough patience.”
But why? Has a black-market industry grown up because of our own neglect or inertia? Or is the problem really quite contained, and we simply hear about every breach that does occur?
Those breaches, it seems, are partly our fault. “The sad truth is that most of us — particularly busy small-business owners — do not take password security seriously enough,” said Nick Harrison from the Chicago-based social media firm Dashal. “Either we make our passwords easy to figure out or we are using the same ones for a large variety of things.”
And that lackadaisical approach to passwords can lead to bigger problems. According to Graham Cluley, a senior technology consultant at Sophos, the hackers who attacked LinkedIn and eHarmony may not even have been interested in the information held on those sites. What they were after was the passwords themselves, because so many people reuse the same password across many online accounts: a password recovered from one site's leak can be tried against the same email address at webmail providers, banks and other services.
“We’ve said many times, you shouldn’t use the same password on multiple websites. Doing so is a recipe for disaster—because if you get hacked in one place, all of your other online accounts at other sites which use the same password could fall shortly afterwards,” he said.
The problem is that using a different password for each account means the average user has to remember not only dozens or hundreds of different words, but also which account each one belongs to.
There are password managers that will store and fill them for you, including KeePass, 1Password and LastPass; KeePass keeps its encrypted database as a file on the user's own machine, while LastPass synchronises an encrypted vault through the vendor's servers. But how safe are they? Is it madness – in order to stop an online password theft – to keep those online passwords stored online? The answer turns on where the encryption happens: a well-designed manager encrypts the vault on the user's device with a key derived from the master password, so the service holds only ciphertext and the weakest link becomes the strength of that one master password.
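What a sound password manager actually hands to a sync server is an encrypted vault, not the passwords: the key is derived on the user's own device from the master password, so nothing the server holds decrypts without it. The following Python sketch is an added illustration of that design and is not code from KeePass, 1Password or LastPass, nor a description of their actual formats; because the Python standard library has no AES, it stands an HMAC-SHA256 counter-mode keystream with a separate authentication tag in for the AES-based modes real products use. The site names, passwords and master passphrase are constructed sample data.

```python
import hashlib
import hmac
import json
import os

# Work factor for PBKDF2-HMAC-SHA256. Kept modest so the example runs quickly;
# a production client should raise it until derivation takes ~100 ms on a phone.
ITERATIONS = 200_000


def derive_keys(master_password: str, salt: bytes, iterations: int) -> tuple:
    """Stretch the master password into a root key on the client, then split it
    into independent encryption and MAC keys. Only the salt ever leaves the device."""
    root = hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"), salt, iterations)
    enc_key = hmac.new(root, b"vault-encryption", hashlib.sha256).digest()
    mac_key = hmac.new(root, b"vault-authentication", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, standing in for AES-CTR (stdlib has no AES)."""
    blocks = bytearray()
    counter = 0
    while len(blocks) < length:
        blocks += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(blocks[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_vault(master_password: str, entries: dict) -> dict:
    """Runs on the client. Returns the only thing the sync server ever sees."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(master_password, salt, ITERATIONS)
    plaintext = json.dumps(entries, sort_keys=True).encode("utf-8")
    ciphertext = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    # Encrypt-then-MAC over everything the server could tamper with.
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    return {"iterations": ITERATIONS, "salt": salt.hex(), "nonce": nonce.hex(),
            "ciphertext": ciphertext.hex(), "tag": tag.hex()}


def decrypt_vault(master_password: str, blob: dict) -> dict:
    """Runs on the client after downloading the blob. Fails closed on a wrong
    master password or a modified blob, before any plaintext is produced."""
    salt, nonce = bytes.fromhex(blob["salt"]), bytes.fromhex(blob["nonce"])
    ciphertext, tag = bytes.fromhex(blob["ciphertext"]), bytes.fromhex(blob["tag"])
    enc_key, mac_key = derive_keys(master_password, salt, blob["iterations"])
    expected = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong master password or tampered vault")
    return json.loads(_xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


def can_unlock(master_password: str, blob: dict) -> bool:
    """True only if the master password authenticates the blob."""
    try:
        decrypt_vault(master_password, blob)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample data, not real credentials.
    vault = {"linkedin.com": "gQ7!vb2wPz9#Lm", "eharmony.com": "x4R$t8Kq1Zn@Vw"}
    master = "a long master passphrase only the user knows"
    blob = encrypt_vault(master, vault)
    print("server stores:", blob)                      # parameters and ciphertext only
    print("unlocked:", decrypt_vault(master, blob))
    print("wrong password unlocks?", can_unlock("password123", blob))
```

The point to take from it is that a breach of the sync server yields salts, nonces and ciphertext, and the attacker is left guessing master passwords at the cost of one slow derivation per guess; a weak master password undoes the whole design, which is why the managers themselves insist on a strong one.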
In the Republic of Ireland, the government has launched a campaign to raise awareness about the importance of internet security. MakeITsecure aims to educate people about the risks they take on a day-to-day basis while using online banking, emailing, participating in chat rooms or using social networking sites, especially through mobile devices such as smartphones, laptops and tablets.
The experts say not only to use different passwords but to change them often, although later guidance, notably NIST Special Publication 800-63B, advises against forcing routine changes and recommends instead that a password be changed whenever there is evidence it has been compromised, as after a breach like LinkedIn's. Do you regularly change all your internet passwords? Should you have to? Is talk of password security deflecting attention away from the real issue, that websites are too easy to hack? How much of the responsibility rests with the user and how much with the provider?
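On the provider side, how much a breach hands to the attacker comes down to how the site stored its passwords. The following Python is an added example, not code from any of the sites named in this article, contrasting a fast unsalted hash with a per-user salted, deliberately slow derivation: with the former, one precomputed table of common passwords cracks every user in the dump at once, and identical passwords show up as identical hashes, so reuse is visible before any cracking starts; with the latter, each user costs the attacker a fresh pass over the wordlist. The user names, passwords and wordlist are constructed sample data.

```python
import hashlib
import hmac
import os

# Constructed wordlist of the kind attackers assemble from earlier leaks (not real data).
WORDLIST = ["123456", "password", "linkedin", "qwerty", "letmein", "sunshine"]


# ---- scheme A: one fast, unsalted hash per user ----------------------------

def store_unsalted(password: str) -> str:
    """Fast digest with no per-user salt: identical passwords give identical hashes."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def crack_unsalted(dump: dict, wordlist: list) -> dict:
    """One table, computed once, serves every user in this dump and in every other
    dump that used the same scheme: cost scales with the wordlist, not the users."""
    table = {store_unsalted(word): word for word in wordlist}
    return {user: table[h] for user, h in dump.items() if h in table}


# ---- scheme B: per-user random salt plus a deliberately slow derivation -----

ITERATIONS = 100_000  # tune upwards so one check takes ~100 ms on the server


def store_salted(password: str) -> tuple:
    """Random 16-byte salt per user, stretched with PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt.hex(), dk.hex()


def verify_salted(password: str, salt_hex: str, dk_hex: str) -> bool:
    salt = bytes.fromhex(salt_hex)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(dk.hex(), dk_hex)


def crack_salted(dump: dict, wordlist: list) -> tuple:
    """No shared table is possible: every user needs a fresh pass over the wordlist,
    each guess costing a full slow derivation. Returns the recovered passwords and
    the number of derivations spent, which is what the attacker's bill scales with."""
    recovered, derivations = {}, 0
    for user, (salt_hex, dk_hex) in dump.items():
        for word in wordlist:
            derivations += 1
            if verify_salted(word, salt_hex, dk_hex):
                recovered[user] = word
                break
    return recovered, derivations


def breach_comparison(users: dict) -> dict:
    """Store the same user base both ways, 'leak' both tables, attack each."""
    dump_a = {u: store_unsalted(p) for u, p in users.items()}
    dump_b = {u: store_salted(p) for u, p in users.items()}
    cracked_b, spent = crack_salted(dump_b, WORDLIST)
    return {
        "unsalted_cracked": crack_unsalted(dump_a, WORDLIST),
        # shared passwords are visible in an unsalted dump before any cracking
        "unsalted_shared_visible": len(set(dump_a.values())) < len(dump_a),
        "salted_cracked": cracked_b,
        "salted_shared_visible": len({dk for _, dk in dump_b.values()}) < len(dump_b),
        "salted_derivations": spent,
    }


if __name__ == "__main__":
    # Constructed sample accounts, not real credentials.
    sample = {"alice": "password", "bob": "password", "carol": "Tr0ub4dor&3"}
    print(breach_comparison(sample))
```

Salting and stretching do not save a user whose password is in the wordlist, as alice and bob show; what they buy is time, per user, and the loss of the cross-site correlation that makes a leaked dump so useful to the attackers Cluley describes. PBKDF2 is used here because it is in the standard library; a production system would prefer a memory-hard function such as scrypt, bcrypt or Argon2.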
It’s an issue that takes on a greater importance when you move beyond personal and private accounts into corporate data.
“CIOs are at the mercy of software vendors where cybersecurity is concerned, and need to turn the tables,” said Michael Hickins on CIO Journal. “This is particularly true of vendors of software-as-a-service, which host the software used by customers. If company data is stolen as a result of a successful cyber attack, the CIO is sure to take the blame, even if the attackers used vulnerabilities in software the CIO had nothing to do with developing.”
“CIOs should also ask SaaS vendors how they protect one customer’s data when another customer on the same server host is targeted for attack, and what tools they use to ensure their own personnel aren’t victimised by the same kind of phishing or social engineering attacks used against most other organisations.”
Are security breaches something we just have to live with?
To discuss this and other articles please visit The Business Technology Forum group on LinkedIn.