The world seems to be full of security alerts, data breaches and software behaving in scary ways.
Capital One is the latest organisation to be breached and the security implications for the bank and its customers will be huge and reverberate for years into the future.
News that airlines are issuing instructions to (we kid you not) switch certain models off and on again after 149 hours of continuous running time does not make you want to jump on a plane (although let’s face it, not much does).
In a slightly different threat, other airplanes have crashed because the software behaved in a logical but deadly way.
Very recently the Department for Homeland Security has issued a warning to owners of small planes that their systems are vulnerable to hacking.
With threats from outside and threats from the very fabric of the machine it is easy to overlook another major threat.
The threat from within.
According to security experts Nucleus Cyber:
- 70% of orgs are more frequently seeing insider attacks
- 60% experienced one or more in the last 12 months
- 68% feel “extremely to moderately” vulnerable to them.
- Not only are organisations seeing a dramatic increase of attacks from insiders, but 85% find it difficult to determine actual damage being caused, especially in cloud environments.
- Since migrating to cloud, 56% believe detecting insider attacks has become “significantly to somewhat” harder
- 39% identify cloud storage and file sharing apps most vulnerable.
In a way this news is more scary than the blunt threats of cyberattack and software blips. As the Romans said, ‘Quis custodiet ipsos custodes’ or ‘Who will guard the guards’?
What is also scary and something we hear more and more is the vulnerabilities – whether real or perceived – in the cloud.
It is a wake up call.
If everything is migrating to the cloud and yet there are security worries about doing so, then something has to happen. Indeed, this hesitation is why many larger organisation are making absolutely sure that the cloud environment is safe. And why, for instance, telecoms companies are not pushing their BSS and OSS environments into the cloud as fast as you might expect.
With threats from outside and inside it is hard to know what to recommend.
Either remain constantly vigilant and co-operate and share information with everyone.
Or switch off everything.
And never fly again.