Published on September 10th, 2012 | by Steven Hodson
Is Your Data Really Safe? Probably Not.
As more and more of our information is being collected and stored on the web, sometimes with our willing participation and sometimes without our knowledge or consent, we like to believe that the companies collecting and/or storing all that data have our best interests at heart when it comes to keeping that data safe and out of the hands of those who would use it.
The problem is that for the most part this couldn’t be further from the truth; and the reality is that all our data is one keystroke away from being hacked.
The Morning After Of Web 2.0
While there has always been a threat of our data being hacked, the problem has been magnified a hundred times over since the advent of the Web 2.0 movement and the proponents of it heralding the whole idea of living our lives online. We have been led to believe that the future of computing, and of our technological future, is all about doing everything online and entrusting these Web 2.0 companies with all our information because it will make it easier for us to share it with others.
That’s all well and fine except for one rather big problem – because of the warm and fuzzy ethos that has grown up around the whole Web 2.0 movement security has never been a big priority. As I wrote back in August 2008 at Shooting At Bubbles:
How anyone of you ever got past Web 1.0 without realizing that there are bad people out there who will do bad things so that they can benefit need a good smack in your PHP. I’m sorry but any Web 2.0 product that goes live without first having been trampled through by some evil people deserves everything it gets – including the bad press.
So here’s a really simple piece of advice. When you are coding this crap be smart and go to your nearest high school and get the best hacker there; because they are probably as good if not better than most of you, and put them on your payroll.
The fact is that Web 2.0 would not have succeeded if user security was a prime concern of hot start-ups looking to cash in on the new sharing economy. This is because it is a well-known fact that proper security isn’t always easy or user friendly and in most cases adds layers of user interaction before users get to the good stuff; and the last thing that any ‘social media oriented’ company needs is to add layers that will slow down the rush to frictionless sharing.
Security? What Security?
Whether it be through social engineering in order to get passwords, similar to what happened to Mat Honan when his iCloud account was hacked and all his data that was stored on the web was deleted, or through brute force attacks against corporate servers, data has been compromised, and will continue to be compromised.
It seems that there isn’t a day that goes by that we don’t hear of yet another site or company server that has been hacked and thousands, and in some cases millions, of accounts compromised; but as a recent report from the European Network and Information Security Agency (ENISA) points out, there are far more breaches that don’t get reported.
In a press statement accompanying the report, co-authors Dr Marnix Dekker and Chris Karsberg admitted that “cyber incidents are most commonly kept secret when discovered, leaving customers and policymakers in the dark about frequency, impact and root causes.”
Commenting that the “lack of transparency and lack of information about incidents makes it difficult for policy makers to understand the overall impact”, the report added that this, in turn, “complicates the effort in the industry to understand and address cyber security incidents.”
Going Forward …. Not Much Of A Change
As we move even more of our lives and our information to the web and the cloud, we are going to find even more companies like Dropbox or LinkedIn becoming constant targets for hackers of all kinds. With more of our data becoming the backbone of corporate fortunes, the likelihood that our data will be a part of a data breach will be magnified.
The simple fact is that if you go on the web and use things like social networks, cloud services, or just about anything that requires you to sign in, there is an even-money chance that one of those services will get hacked and your private information is no longer private.
Just as people are not going to stop their frictionless sharing, hackers aren’t going to stop trying to access all that information. The question is how hard companies are willing to make it for the hackers to succeed, or whether it is even really that important to them to try. If our current crop of Web 2.0 companies is any indication, I wouldn’t count on the securing of your data to be a high priority for them.