The past year got off to a late start for some Apple fans. The wake-up alarm they set on their shiny new iPhones failed to go off. And this was just the start of an eventful year.
Different kinds of alarm bells were already ringing across the South Mediterranean coast as the rich and powerful in Tunisia, Egypt and Libya started to fall during the “Arab Spring” uprisings. For the first time, the organisational potential of the Internet, social networking and the global adoption of mobile phones all played a part in co-ordinating the protests and paramilitary offensives.
Once again, the encrypted communications of RIM’s BlackBerry played a part. Encryption is a power for good and evil in the digital age. In 2010, various governments pressurised RIM to allow access to its servers’ secret source of information following earlier terrorist action in India. When public disobedience reared its head, the African Arab states chose a more direct path of action by trying to sever Internet links and telecoms networks.
Governments also hit the news as international espionage hit the Internet and national projects to protect businesses, governments and the planned smart grids began to receive serious attention and funding. The energy grids are a particular source of concern because supervisory control and data acquisition (SCADA) attacks continued throughout the year with Stuxnet and its derivatives, like Duqu,
It goes without saying that a successful attack on a grid would severely compromise a country and one thing that became clear was that no system is safe. Even the “airgap” systems, those that are not attached to the Internet, can be jumped if USB storage is used without due precautions.
The proof of the vulnerability of systems was proved primarily by the continued success of the Anonymous hackers. 2011 saw many facets of vulnerability from the theft of Secure Sockets Layer (SSL) certificates, through Sony’s public debagging, to the hacking of military and policing authorities.
It is true that numerous arrests were made in the wake of these exploits but that is akin to blocking two or three holes in a colander – and even those blockages will only last until new recruits are found. According to reports, the majority of Anonymous’ successes stem from poor security practices. Members of the group don’t have to be anything more than “script kiddie” level hackers to penetrate weak password protection or to mount a SQL injection attack.
Rather than trying to herd cats, which is the authorities’ apparent offensive, it would be far better to have better education. EMC’s security subsidiary RSA, in the aftermath of its embarrassing announcement last March, made some moves towards establishing a useful forum for debating the state of security by holding meetings behind closed doors where companies could bare their souls without fear of adverse publicity.
Because of this slow reaction, 2012 is set to be more of the same. Exploits are becoming more sophisticated to penetrate the top 10 percent of “secure” organisations and the rest will suffer from overlooked loopholes. Overall, it appears that Anonymous will flourish and the exploits keep coming. Organisations have to accept that an Internet presence means that they are potential targets and that a second level of protection is needed because the top level is no guarantee of safety.
Unencrypted data is the most vulnerable but organisations seem to be reluctant to spend the money required to offer this added degree of security. It all reminds me of the old days when nobody would buy backup systems to protect their data from disk crashes and worse disasters. Eventually, they caved in when they grasped the enormity of the situation. How long before management and IT departments once again realise what the consequences of inaction means to them?
Welcome to Silicon UK: AI for Your Business Podcast. Today, we explore how AI can…
Japanese tech investment firm SoftBank promises to invest $100bn during Trump's second term to create…
Synopsys to work with start-up SiMa.ai on joint offering to help accelerate development of AI…
Start-up Basis raises $34m in Series A funding round for AI-powered accountancy agent to make…
Data analytics and AI start-up Databricks completes huge $10bn round from major venture capitalists as…
Congo files legal complaints against Apple in France, Belgium alleging company 'complicit' in laundering conflict…