It’s probably just old age, but 2015 has disappeared in a blur of activity. So many incidents, hacks, vulnerabilities and crimes, eclipsing 2014 and all the years before, for that matter.
We are massive advocates of learning the lessons of time, so apart from the indisputable truth that 2016 will be even more chaotic, and probably go by in the blink of an eye, what can we learn from this year?
Three of the major themes of the year that are certain to be carried forwards with increased intensity and efficiency (at least in our opinion) are:
- Personal data as a commodity in the organised crime world
- The mobile device exploited as the easiest way in
- Old code, written by Jolt Cola and pizza-fuelled midnight developers in the eighties, requiring increasingly urgent patching
We know that criminals are doing everything they can to obtain the credentials and personal information of the public. The hacks of TalkTalk, Ashley Madison, the IRS, numerous loyalty card schemes and more recently, and to our minds MUCH more scarily, VTech and Hello Kitty (stealing children’s details in a systematic and ruthless manner) are not some kind of coincidence. Big data does what it says on the tin, and just as Facebook, Google, Amazon, Uber and all the rest of them commoditise your data, so do the criminals.
There are primary, secondary and tertiary markets for exploited data, which is carefully collated, allowing the criminals any number of ways to ruin your day, and the value of this data is only going one way. If you were the senior civil servant who was so jaw-droppingly stupid as to register on Ashley Madison with your work email, trouble is on the horizon.
Mobile devices, more often than not without antivirus or anti-malware protection, will be the vector of choice for the exploitation of the individual and quite probably the enterprise in 2016. The consumer-driven pace of change makes best-practice regression and security testing irrelevant, and we will need to deal with any-device, anywhere security more efficiently or face the consequences.
As for old code, what a nightmare! Weekly, if not daily, bugs in Java, Linux and occasionally (haha) Microsoft will continue to ruin the evenings, weekends and bank holidays of the humble system administrator. Is it time to throw it all away and start from the ground up? Only in our dreams: that sieve-like code is propping up the Nasdaq!
We have done our very best to keep our customers informed and safe this year. Our advice is to expect a breach and understand the implications. Prepare and test a plan before you are caught with your pants down, especially if you’re a philandering High Court Judge.
Wishing you, your friends and families a very Happy New Year. Be prepared.