Providing Security in the Age of Cyber Insecurity

As 2020 begins, insecurities about cyber operations are growing.

Now more than ever we find ourselves in need of a safety net, and yet we spend most of our time on an [inter]net that has very little to do with safety or, at least, isn’t very good at it.

The new decade has only just started and the news of a massive cyber kidnap (not just an attack, a real old-style kidnapping, with an actual demand for ransom in cash!) is populating most media sites and informing us that Travelex has been hacked.

While the poor affected customers are trying to somehow retrieve their money on holiday, a new hacking crisis has emerged, and we’ve learned that Jeff Bezos of Amazon has allegedly had his phone hacked.

But giving in to panic and fear would mean stopping every online transaction, communication, download or simple data exchange. This is simply not possible for any person or business.

So, what next? As with any danger, the best way forward is to objectively assess the risk and minimise it as much as possible.

Shedding some light on the issue is our Head of Security and IT Director Simon Hogg:

• How serious is the threat of a data breach for a finance company? What are the highest risks and most significant consequences for a company experiencing a data breach?

That’s a great question. The biggest risk, I think, would be not understanding your risk, and by extension not appreciating the things you value most. The biggest downside is the loss of trust from your stakeholders, whether customers, prospective customers, or employees.

According to a study by The Economist Intelligence Unit on cyber security, the effects of a data breach could be catastrophic for a company:

• Would you say the threat is an increasing one?

Yes. The online/connected world is still growing, and user expectations have never been higher. The regulators, with legislation like GDPR and CCPA, are trying to increase protections, and social media makes any security issues much harder to manage.

That said, it’s not always easy to feel the impact of security breaches. I worry that people won’t take this seriously until they feel the personal pain.

• What causes Cyber Insecurity?

The complexity of technology, the way that organisations have grown through mergers and acquisitions, along with the use of multiple 3rd parties. Too often security concerns aren’t baked in with the design; they are bolted-on solutions and these are never as effective as those designed purposefully.

• What is the demand for security?

The demand is huge. Organisations are now using security as differentiator in the marketplace--that’s how powerful it can be. Customers care more than ever, so organisations have to care. Security concerns have now expanded into privacy as well, and the growth in data volumes suggests there’s no end in sight.

• Who are the people most at risk? Could you provide some profiling?

Everyone is at risk. Security is about protecting our assets, or just things we care about, and everyone has something they care about. For me the biggest challenge is understanding what the things you care about are, and taking action to prevent the pain that comes when you lose something of value to you.

“It will never happen to me” is a very risky approach.

• How do you approach data protection?

There is no such thing as 100% secure. It’s usually about the effort it will take to get to the data, and the rewards from getting the data. Think about the Mission Impossible films from a security point of view.

Decide what you care about the most and give it the most protection. Cascade this down to the things you care about less.

Don’t spend more on protecting something than the total cost of replacing it. Many personal things come with intangible costs, and these can be significant.

Don’t think “this won’t ever happen to me”, think about what you would do if it did.

• What does being “secure” mean to you?

Being secure means knowing that you have done all you can to make sure what you care about is protected.

At Eigen, we are fully committed to protecting our own data and that of our clients. As we continue in our devotion to provide and maintain the highest safety standards, our efforts have been lauded with 4 ISO Awards.