Ethical Hacking Awareness
How important is education?
Education is critical and security awareness is key for business, but the media industry needs to realise they are a high-profile target for hackers.
The ransom heist and subsequent leak of Orange Is The New Black from Netflix last year is a good example of a hacker exploiting the terms of ransom. The content was leaked after the ransom was paid. These high-profile breaches have helped to engage the discussion on cyber security.
I often see that there is a disconnect between company management and the staff who are purchasing the technology. There is a wider issue from a corporate perspective about accountability of implementing smart devices without testing them. However, often we see that developers and implementers or purchasers don’t understand security implications and as such it is often overlooked.
Should companies pay ransoms?
The general advice from senior security officers is that a ransom should not be paid given the fact there is no guarantee of getting your data back. The next action from the cyber criminals staging the attack could be far worse, not to mention the reputational damage this could brand the organisation with.
Broadly speaking, the answer is always no; however, in some situations it can be beneficial for the organisation to pay the ransom.
I would advise that, rather than paying a ransom, money is better spent as an investment in the organisation's security controls and security testing to prevent an attack from occurring. I commonly see security breaches which could have been avoided if the measures to eliminate the weak points and secure systems and operations to avoid any form of breach had been taken.
What is the reputational damage for organisations who experience a cyber-attack?
What we see is often a short-term dip in reputation and stock market prices. Depending on the industry specialisation and how comprehensive the attack is, the services on offer may fall short whilst the recovery is bridged.
The recent high-profile Facebook and Cambridge Analytica scandal saw the social media giant’s stock prices take a huge dive, with Chief Executive Mark Zuckerberg called to explain regulation and data sharing procedures. In this instance, Facebook has recovered its stock price.
However, that’s not to say all organisations’ reputations will fully recover in similar situations, and it can have a long-term impact. The enforcement of the global data protection regulation (GDPR), which came into effect in May this year, has seen an empowerment amongst individuals and a heightened awareness about their personal data.
GDPR is absolutely going to change the way businesses handle data and how end users can manage their rights. It can only be a good thing for public resolve and the impact of storing data amongst corporate conglomerates.