Security Lessons from the T-Mobile Hack

The National Cyber Security Alliance found that 60% of businesses are unable to keep their business open six months after a cyberattack. It should be obvious by now that security threats should always be a high business priority, and in most cases, cybersecurity should be the top priority. Faulty prioritization is one of the reasons we often see cybersecurity technologies fail in organizations. Although every organization is different and has different needs, in an ever-changing threat landscape where attacks can come from anywhere and at any time, cybersecurity programs must always lead the way and be designed for modern and innovative attacks. If your cybersecurity program isn’t in the lead, it’s likely to bleed and crumble when a nefarious event occurs.

Cybersecurity is not for the faint-hearted. Above all, good cybersecurity requires tremendous organizational will, but it also requires disciplined effort, increased knowledge, investment in resources, proper planning, budget commitment, structured operations, a mission statement and a vision. If the organization doesn’t have what it takes, then it needs to find a partner who does.

IoT and mobile incidents

There’s an unsettling feeling that comes from news of a major breach, especially when the brands involved are tech-focused. Last summer, we talked about an upcoming IoT winter when news of a breach at Peloton hit the press. Stories of cyber hackers in emerging IoT markets have piled up from there. We are only at the start of this winter and the reason is that cybersecurity continues to be an afterthought for high-flying tech companies.

Emerging IoT companies are not alone. Last year, T-Mobile, one of the most popular mobile phone service providers in the United States, suffered a major data breach. Significant data was lost: the records of more than 7.8 million existing customers and 40 million potential and previous customers.

Although the damages do not directly include financial data, the impact of the breach on consumers is a sign of the patchy nature of cybersecurity practices that exist in the industry. Consumer credit companies such as Experian have notoriously lost treasure troves of data due to a major breach. Of course, the state of cybersecurity practices has hopefully improved across all of these organizations, but it’s fair to point out that all of these organizations had some form of traditional enterprise cybersecurity at the time of the incident. This traditional cybersecurity mentality has failed and will continue to fail.

Living on the edge of threats

Whether you are a consumer or a business, we all constantly live on the edge of an abyss of cyber threats, whether we know it or not. Hackers work at such a ferocious pace and scale that they force us to always be in an equal or superior position when it comes to cybersecurity capabilities. If an organization does not prioritize security and have it at the heart of its mission, it is hard to imagine that organization operating at the cutting edge of the latest security.

Mobile tech companies weren’t built on cybersecurity, but they have slipped into a position where security is an expectation. IoT companies, the kind that want to connect your toasters to the web, can’t moonlight with cybersecurity. Someone needs to focus on cybersecurity as the primary mission of these organizations if we want to protect our data.

Slip on Safety

The biggest gap in cybersecurity is complacency. When a corporate network hasn’t been breached recently, it’s easy to continue with the same outdated security measures. It’s almost natural to lose focus, but under these conditions, it’s only a matter of time before sensitive customer data is in the hands of a cybercriminal.

Organizations that want to be secure and face risk must structure their security from the ground up. This can be a difficult task to execute when the core of the company’s products and services comes from speed to market and technical novelty. This is where businesses should seek help from experts who live and breathe cybersecurity.

Structuring a cybersecurity strategy for companies

Based on Maslow’s Hierarchy of Needs, we all want a safe and secure physical and virtual environment. We also love all the handy devices and the ability to check our Wi-Fi enabled slow cookers. So please let’s build those capabilities right.

To do this, we need to deconstruct the service and the product to their digital essence. We need to analyze where the data is, what the data is, what data is valuable, who can access it, why and when. We must also take into account the retention period of the data. For example, you probably don’t need non-customer data that is seven years old, as was pointed out in the T-Mobile incident. If it is needed for any reason, it should be as highly secure and inaccessible as possible.

In addition, we must rely on the concepts of global security. The mission of this approach is to address the spectrum of compute, endpoint, application, and user resources with insight. Essentially, security protocols for every organization should be universal, and the protocols require ongoing maintenance and 24-hour monitoring. Protocols include system and application updating, service and security assurance, smart guards and many other components that are part of the overall security approach. In most cases, these services are best monitored by industry partners who specialize in secure systems and compliance.

