2018 breaches prove education is key to a strong security posture
Last year saw the data of over one billion people being compromised, as major companies, trusted by their customers, failed to protect customer information.
According to Angela Mace, CRM and Events director at ITWeb, the common maxim today is that it's no longer a case of 'if' but 'when', when it comes to a security compromise. "If last year has shown us anything, it is that even the world's largest organisations, with the fattest information security budgets, are not infallible. Let's face it, tools and solutions alone are simply not doing the job."
Looking back at 2018, she says perhaps the biggest security event was the Marriot breach, which saw 500 million guests losing personal and financial details over a four-year period. "This breach definitely shone the spotlight on the need for way stronger identity management processes, and stronger authentication to curb any possible use of stolen data for fraud and identity theft.
"And let's not forget about British Airways," she says. "A whopping 380 000 transactions made between 21 August and 5 September were compromised on the airline's Web site and application. The hackers got their hands on customers' names, addresses, e-mails, as well as payment details."
Also last year, says Mace, a bug discovered on the Google+ platform gave third-party developers access to 500 000 accounts, which included information such as users' full names, birthdays, genders, profile pictures, occupations and places where they lived. This particular bug remained undiscovered for three years.
Mace says end-users and businesses alike need to be aware that all personally identifiable information is like gold to threat actors. "They might think this information is of no interest to anyone, but nothing could be further from the truth. Information such as e-mail addresses can be used to carry out targeted social engineering, phishing and other attacks that can result in major breaches if used as a foothold into the compromised user's organisation."
There's only one guarantee when it comes to cyber security, Mace notes, and that is education and awareness are key to strengthening an organisation's cyber security posture.
"This is why events such as the ITWeb Security Summit 2019 are so crucial for the cyber security community. They help security practitioners and business users stay abreast of the latest tools, trends and solutions, as well as the latest tactics employed by adversaries to breach organisations."
The event, now in its 14th year, will be held from 27 to 31 May at The Sandton Convention Centre, in Sandton, and will bring together leading international and local industry experts, analysts and end-users to unpack the latest threats facing African CISOs, CIOs, security specialists and risk officers. It will demystify emerging cyber security strategies in AI, blockchain, IOT, DevSecOps and more, and give delegates an idea about how to increase their businesses' cyber resiliency.