By Koen Peeters, Associate, CS&A International
It doesn’t take us long to get used to the new technologies that are thrown at us at light speed. Whether a new website, a new type of wearable health assistant or a smart thermostat that allows you to switch on your heating from anywhere in the world, we adopt new tech gadgets like new pairs of shoes, no questions asked. Is this really without risk though?
They know everything about you
Marc Goodman questions a valid point in his book “Future Crimes”. He writes: “Did you ever stop and wonder why Google never sends you a bill?” The same question can be asked for every other free online service we use, even the seemingly innocent ones, like smartphone games. The answer is fairly simple: we are not their customers - we are the product. We are all guilty of blindly agreeing to the terms of service of online providers, thereby giving them direct access to monitor and research our online behavior. With one click on our devices, online providers instantly have our names, addresses, credit card details and plenty more information stored on our devices.
Yet, this ‘basic’ data is only the beginning. Once we have agreed to the terms, our every online move including searches, conversations and comments will be followed. Add to that the physical tracking of our phones, including eyes and ears by means of built-in cameras and microphones, and our profile is complete.
This gathered data is sold onto third parties, who pay top dollar and use it to increase the reach and effectiveness of their marketing campaigns.
This practice does not include illegally acquired data, which is also sold to third parties, albeit for very different reasons.
Are you protected?
New technological challenges and risks do not only affect us on a personal level. How does a corporation, with employees glued to their screens, protect itself and its assets? Marc Goodman writes: “Just one compromised email account on Facebook, Google or Apple can give hackers access to years of your email messages, calendar appointments, instant messages, photographs, phone calls, purchase histories on Amazon, bank and brokerage accounts and documents in Dropbox or on Google Drive.”
“According to a Verizon study, once hackers set their sights on your network, 75% of the time they can successfully penetrate your defenses within minutes and that only 15% of the time it takes more than a few hours to breach a system,” adds Goodman.
New antivirus programs are created in defense of a newly released virus and as such, organizations are one step behind and continuously at risk. Therefore, by default, many organizations are insufficiently protected. Some believe they are too small to appear on hackers’ radars. In a USA TODAY article from December 27, 2015 by Steve Weisman, however, the author predicts that small and medium-sized businesses will become increasingly targeted.
Convenience is key
No longer in the realm of science fiction, one of today’s fastest growing trends is the Internet of Things (IoT): an advanced system of connectivity whereby all our daily appliances are linked to the net, allowing them to communicate with us and with each other. Sure, it sounds like a wonderful idea that our car can prompt us to buy milk on the way home from work, because our fridge thinks there might not be enough for breakfast. However, this level of technological innovation comes with added risks: new ways to get on our private network and acquire our data. According to Weisman, “the Internet of Things will become a prime target for hackers to exploit in many ways.”
New technologies are double-edged swords: they offer fantastic access to previously unimagined levels of convenience. But they do come with great risks. Best-in-class organizations ensure that such new risks continue to be flagged in risk registers, that mitigation plans are developed, that bespoke business continuity initiatives are launched and that a resilient and secure crisis management platform is adopted to function independently from corporate systems and servers.
About the author
Koen Peeters is an Associate with CS&A International, an international risk, crisis and business continuity firm with worldwide operations. He services clients around the globe from his base in Mechelen.
- “Future Crimes: Everything is Connected, Everyone is Vulnerable and What We Can Do About It” - Marc Goodman - http://www.marcgoodman.net
- “Cybersecurity predictions for 2016” - Steve Weisman for USA TODAY, December 27, 2015 - http://www.usatoday.com/story/money/columnist/2015/12/27/weisman-cyberse...
- “The Risks of Big Data for Companies” – John Jordan for The Wall Street Journal - October 20, 2013 - http://www.wsj.com/articles/SB10001424052702304526204579102941708296708
- “IoT: The Security Risk Iceberg” – George Torsten for SECURITYWEEK, September, 23, 2015 - http://www.securityweek.com/iot-security-risk-iceberg