In a country that has just witnessed the latest epidemic in modern-day cyberattacks, namely the National Health Service being compromised, data security is fast reaching the forefront of corporate mindsets. The truth is that no server is impenetrable and no data is unreachable for the most sophisticated of hackers, the perfect example of this being the 1 billion Yahoo accounts that were at risk from the breach reported last year. However, groups like WannaCry – the North Korean hackers linked to the NHS attack – could have been deterred if the data had been stored more securely or behind more data protection safeguards.
We touched base with a few companies in different verticals to ask just how important data protection was to them and whether they actively invested in new ways to stop cyber criminals taking advantage of loopholes.
First, we reached out to a few of the Big 4 accounting firms about how clients of theirs could be sure that their audits were not going to be leaked or stolen. Their answer was simple: they store all their crucial information on offline servers that are only accessible from their local systems. While a fair amount of their innocent data did seem ‘reachable’ to those who knew what they were doing, the typical backdoor exploitations that we have witnessed others fall prey to seemed like they would be rather innocuous against the firm. However, an internal breach was reported at one of these firms a year back and hushed up, showing that for some firms, the biggest data security risk is personnel.
Secondly, we reached out to a well-known online betting company, SportingBet, who were happy to tell us a little bit about the security that most bookies and gambling companies tend to employ to avoid similar situations. While player data was accessible by the tech teams, the servers that housed the actual software were separated, and all payment details were held on yet another server that was even more heavily encrypted. The ability to deposit and withdraw through third parties meant that payment data was limited to only those accounts that preferred credit cards, and these were secured in a coded format that the majority of staff were not informed of. While we were reliably informed that another industry body had been the subject of a data breach only a year ago, SportingBet seemed content that they had not suffered such a setback and were actively investing in security on a regular basis.
Finally, we reached out to a big jewellery firm who, after our findings, have refused to let us name them. They had prided themselves on ultra-secure data protection facilities and even invited us to try and penetrate their systems. Unfortunately for them, it took us all of 25 minutes to breach their encryption, and they were found to be storing customer credit card information, despite claims that all of these were encoded and deleted after six months. After much finger-pointing and many protestations of innocence, the firm have agreed to invest heavily in further security, and we are confident that this will be undertaken, hence our agreement not to publish their identity to our audience (sorry!).
The truth of the matter is, as we said in our opening paragraph, that no firm or company is ever 100% secure. Be it personnel, outdated security software, improper data storage or insecure servers, there will always be exploits to find, and there will always be people out there looking to exploit them. The aim of the game is to break these big data files out into multiple servers with multiple encoding levels to ensure that the challenge is off-putting enough that most will leave you be. But it’s nice to see that many of the major players who have access to our credit card data and personal information are at least trying to do this and, for the most part, succeeding at their jobs.