Thirdly, companies may not be monitoring their systems closely enough. Intruders can still be halted in their tracks as soon as suspicious activities have been detected. Analytic technology can detect fraud and alert companies very quickly based on changes to expected patterns.
The weakest link could be anywhere along this chain, but as you can see, there are many potential points of vulnerability. While the motivations for the hacking may be different, the results are the same. Hacking and data theft will lead to damaged reputations for brands, operational losses, and missed sales opportunities.
A third kind of attack, well, not actually an attack, is coming from the state itself. We saw what Edward Snowden had to share with the world. How can citizens negotiate a new social contract with the state as an agency, where corporates are also playing a very big role (as collaborators sometimes)? Today we talk about globalisation and data sovereignty rather than state sovereignty. What are your thoughts on this?
From our perspective, the anti-hacking fundamentals here are the same, even though the motivation for this type of hack was different, in that it was political rather than for financial gain.
In terms of reducing data theft and fraud, what steps should be taken by enterprises, especially retailers and banks?
What we advocate is prevention over cure. Risk mitigation is all about balancing the investment against the danger to the business. Organisations like banks prioritise data security and invest in several layers of protection to ensure that the data they have remains safe. Examples of this include two-factor authentication and intrusion detection systems. Further to this, analytics software solutions from FICO can look at historical activity to determine whether current activities are suspicious, or predict what will happen next.
Educating employees and making them aware of data breach protocols is another important part of the solution. A 2013 global study from Symantec and the Ponemon Institute found that human errors and system problems caused two-thirds of the data breaches in 2012. Issues included employee mishandling of confidential data, lack of system controls (no requirement to change the password from the default password etc.), and violations of industry and government regulations - most of which can be prevented.
Technology innovations continue to help in the race against the hackers as well. For example, at Singapore Management University, a professor is working on a way to make passwords invisible to browsers and operating systems while still allowing users to log into a website, and sensitive documents invisible to the rest of the system.
Do you think data theft will be more common when more people start using mobile banking?