Cyber-security: What’s the big deal?

My phone has been silent for 5 hours. No Facebook, WhatsApp, or Instagram notifications. No scrolling and sharing of memes, no messages from friends to meet for coffee, no international phone calls. Is this the end of times??

For entrepreneurs who rely on these platforms for marketing, customer support, sales and order placing, it sure feels like it.

Maybe this what all the cyber-security fuss is about?

Let’s have a look at the top stories in internet security in 2021:

First Apple users, via Fitbit were left exposed after an unsecured database containing over 61 million records was reported in June.
Then on Sept 27, Google told over 2.65 billion users of a critical security loophole under active exploitation by hackers before Google could roll out the fix.
Today, Oct 4^th, people everywhere who use Facebook, WhatsApp and Instagram discovered the platform was down, exposing the dependance we have on these web services. While this doesn’t seem to be a cyber-attack, security is indeed linked to access as there are reports that Facebook employees can’t enter their buildings because their “smart” badges and doors were also disabled by this network failure.

So, what’s the big deal?

Cyber-criminals jumped when the world shifted to facilitate remote work due to Covid-19. Relying heavily on big-name remote-access protocols and tools, companies were forced to take on increased security risks to stay in business. While the examples above grab the headlines, the situation is particularly risky for small and medium-sized businesses who have limited in-house cyber-security experts available to solve problems.

Ironically, rules created to protect people’s privacy often create the very environment required for security breaches to occur. How? Protocols designed to ensure staff have swift access to accounts and information also makes it easier for the bad guys to access the same data.

Data protection regulations like the GDPR in Europe and the California Consumer Privacy Act acts as guardians for us, the consumers, but also as a type of playbook for the wannabe criminal. As the laws change, the savvy criminal can piggyback onto the communication emails to consumers from brands who are working hard to remain compliant. Phishing campaigns regularly target Airbnb customers, as an example, because, let’s face it, how much expertise does a typical Airbnb user have when is comes to cyber scams? Speaking personally? NONE. And because it’s individual users who are falling prey, it’s almost impossible to know what the cost of these crimes amounts to.

Just like a cat burglar surveying your home for an open latch, it’s often human behavior that creates an opening for a cyber-criminal to strike. Reports say that the Facebook empire is down today because of human error.

Tech-heads, reach out to my friends at Veracode to see what you can be doing to protect your business.

As for me, I’m going to finally update all my passwords and accept two-factor authentication. Will rules change again tomorrow? Probably-but better that than then end of times!