With everything online all the time, staying secure has become increasingly difficult. It is not surprising, therefore, that Digital, an event focused on all things digital in this modern age, has a track dedicated to Internet of Things and Security. It is also extremely timely given the number of high-profile cyber-attacks hitting the headlines this year. You can’t have missed the WannaCry ransomware cyber-attack that has hit 150 countries and thousands of computers and brought several hospitals in the UK to a halt (cancelled operations being amongst the issues). There are many, many more that go unreported.
The temptation when reading about cyber-attacks is simply to think, “I keep my computers up to date so it couldn’t happen to me,” or, “my critical data is on a rock-solid NAS device so I don’t overly care if a PC gets compromised.” Think again. Cybercrime is on the rise and sooner or later we will all come under attack. Some attacks are generic, like WannaCry, but other attacks are highly targeted. Whilst some types of companies are considered more vulnerable, such as media companies delivering high-value entertainment, it is important to understand that we are all potential targets.
The problem is that literally everything is online, and we rely on that, so it is very difficult to stop being online. I should know – for the last three years I have left my phone at home for my summer holidays. I go radio silent, but it is not easy and the first year was the worst. I suddenly realised that absolutely everything is on that phone: satnav, booking details, email confirmations, and a multitude of other information. Of course my reasons for leaving it at home are to do with switching off for the holiday, but it proves a point that with all that data online, we are so much more susceptible to attack.
That content all needs to be stored somewhere, and with more content, whatever that may be, demanding more bandwidth than ever, it is becoming a challenge for many companies. Too many companies simply keep piling stuff into existing legacy storage platforms that were not designed to store such large volumes of data and are not secure enough to tackle sophisticated attacks.
Digital will be a good place to get some tips for how to stay secure, but in the meantime here are a few from us:
· Avoid single points of failure, i.e. having access to large swathes of data from a single PC/login.
· Many hacks / malicious actions come from within the organisation, so make sure you can audit who read / deleted / modified files.
· Education, education, education. Start from the top. Does the CTO know how to handle a DNS attack? Are the top architects really up to date in their knowledge? Then work through to the staff: are they keeping their passwords safely? Will they report suspicious activity? Etc.
· Make a written digital content governance strategy. Think about your backup, disaster recovery and replication strategies with the hackers in mind, but then get the policies written down and adhered to across the organisation. The hackers will compromise a PC at some point. What could a determined hacker do from there?
· Think about keeping data safe in purpose-built storage. Exposing everything via a filesystem is extremely dangerous. Consider on-premises object storage for this. Get into the mind of the hacker when forming your digital content governance strategy.
Essentially, assume it will happen at some point and make sure you have measures in place to reduce your risk, but also strategies in place to react when it does happen.
Nick Pearce-Tomenius is Sales & Marketing Director at Object Matrix