My bet is that this year, we will see some massive IT security issues. Let me just summarise some of the 2011 headlines and then I’ll explain why I believe 2012 will be worse.
- ANZ bank disables online banking statements after an investigation found a serious security flaw. (Reported by Chris Zappone in The Age, December 15, 2011)
- Telstra was found to have exposed some 60,000 records to the public via an Oracle database, probably for use by one of its call centres, which inadvertently published private information that could be found via Google. The Privacy Commissioner stepped in on December 12 to force them to close it down.
- ATO has potentially paid out hundreds, if not thousands, of fraudulent income tax claims to scammers who have stolen tax payer identities. Approximately $33 million in fraudulent claims have been successfully blocked but it is unknown as to how many have slipped through. (Reported by Darren Pauli of ITnews on December 12, 2011)
- DigiNotar, a Netherlands unit of Vasco Data Security, filed for bankruptcy after hackers stole security certificates to a number of domains. (Reported September 2011)
- Blackboard E-Learn software were found to have vulnerabilities that may expose thousands of student records, and other information such as exam papers, to hackers. (SC Magazine September 2011)
- Do I need to remind you of the Sony PlayStation issue of May 2011?
- And the one I find most upsetting is RSA, who are experts in two factor authentication (high level security), who admitted that they had been breached by hackers in March.
So why will it be worse in 2012?
The answer doesn’t lie with the quality of the technology; it lies with the size of the opportunity. There are now more transactions online every day and so there is more opportunity online every day. As more motivated people in third world countries and more opportunities are available to get on the internet, there are more people looking for ways to take advantage of the unsuspecting and the unprotected.
When the big players like RSA can be penetrated, it’s obvious that most of us in the SME world lack the capability to keep our data safe as we have insufficient budgets and resources to keep the hackers at bay. So in 2012, and each year onwards, we will see more benefit from our technology and at the same time, more threats and risk.
We can take steps to be less exposed than the next company, and certainly remaining vigilant and diligent will reduce risk, but we won’t be able to ensure our online safety anymore than we can be sure we will survive our drive home.
Take care out there.
David Markus is the founder of Combo – the IT services company that ensures IT is never an impediment to growth