I don’t usually converse in metaphors and analogies but bear with me as I liken hackers to rodents and discuss security in keeping both of them at bay.
At 5am, our cat Soxie started scratching at the door to be let out. Soxie is one of my perimeter security personnel. It made me think about the steps we take to protect our homes from rodents and the steps we take to protect personal information in the electronic world.
Rodents and hackers alike are constantly probing and attempting to break into your place or your information. Rodents want food, water and shelter. Hackers, on the other hand, have many different agendas. They might want to steal customer information or corporate secrets, corrupt your data to disrupt your business, or hold you to ransom, among a myriad of other reasons. Hackers can be state-supported with global agendas, or non-state actors like criminals seeking to profit from your information, or creepy individuals wanting to invade your privacy for the sake of it.
What’s the common element between combating rodents and thwarting hackers? Both need security measures that have to be continually maintained and improved, whether it involves protecting your pantry or your data.
Stopping rodents getting in is straightforward. You have to block up holes and gaps. Having ‘perimeter security personnel’ like Soxie is also useful (although cleaning up the bodily remains of his work can be gross). But in the electronic world, things aren’t quite as simple. The risks are higher and the consequences greater.
Hackers attack in many ways, shapes and forms. To defeat them, one of the most critical factors is constant security patching.
Recently, hackers breached Equifax’s website application software. Equifax is a global consumer credit reporting agency and the breach had the potential to affect the information of 143 million consumers. Fortunately, the credit information of New Zealanders was not affected because Equifax NZ stores its data on servers hosted in New Zealand, and not in the cloud.
Reports say the Equifax breach happened because of an unpatched vulnerability. This gap in security was apparently known about and patchable, but Equifax appeared not to have made the fix before the breach struck.
As part of our oversight of information matching programmes, we have been pushing for government agencies to lift their game in patching any discoverable vulnerabilities in their communication servers. Equifax – which is not a government agency – was caught out this time. No one can be complacent about information security, not least large holders of personal information.
I am going to give Soxie a treat for his continuing perimeter security work.
Image credit: Grey cat via Pexels