Ask the Expert: Is there a correlation between Digitization of Information and Cyber Security?

This week’s Ask the Expert is answered by Jurijs Rapoports, Senior Security Engineer at X Infotech and a chapter leader at the OWASP Foundation

Office worker goes in passage between the walls of paper documents. Young businessman in suit with briefcase is finding exit from information whirlwind. Businessman finds a solution to the problem of hard office work.

This week’s Ask the Expert is answered by advisory board member Jurijs Rapoports, the Senior Security Engineer at X Infotech and a chapter leader at the OWASP Foundation.

Ask the Expert: Is there a correlation between Digitization of Information and Cyber Security?

We’re living in a day and age where cyber threats are becoming more common than robberies on the streets. They’ve evolved from basic malware attacks to total hacks designed to bring down economies, and at this day and age, the digitization of information just can’t happen without cyber security. This post is going to formed like a discussion where we’ll talk about everything there is to list out about the two words ‘security’ and ‘digitization’.

So, first of all, let’s talk about what the IT department was supposed to do about thirty years ago. At the time, the job wasn’t that difficult. You just had to fix minor issues that are considered menial these days and even an 8 year old knows how to get rid of them. The tasks were simple, the number of devices were limited and overall it was an easy job. But, today the IT department’s job is much more important than fixing the Wi-Fi. They’re supposed to protect the entire infrastructure of the company to ensure that the data on the servers remains private. Because of every business’ constant struggle to increase the amount of data on cloud and maximize efficiency, the server rooms have become a battlefield where cyber warriors fight for the lives of their company. To be honest, it’s astonishing how much the meaning of the word Security has changed over the course of 30 years.

So, when did cyber threats start to become a legitimate problem for conglomerates? If we had to pinpoint it, we’d say that this was somewhere around 2014 when Sony was hacked. This wasn’t the first time actually. Sony was hacked in 2011 as well, when over 70 million users had their information stolen. The second hack was by a community that goes by the name of GOP (Guardians of Peace). At the time, it seemed like it was the cleverness of GOP that allowed them to hack a company like Sony. But, later it turned out that it was just sloppiness on the end of the IT department at Sony. They didn’t have appropriate protocols or disaster backup recovery in place that would have protected them from the hack. After this incident, Sony put security as a top priority, while other companies realized that cyber threats are legit and there are people out there that are willing to tackle these huge tech giants.

Believe it or not, even then companies weren’t paying as much attention to cyber threats as they should have. Sure, the hacks on Sony made them put protocols in place, but that was pretty much it. It wasn’t till the WannaCry and NotPetya ransomware attacks that really brought cyber security to light. These two attacks proved that hacks didn’t have to be targeted to cost millions. And, this is where board members realized that they weren’t paying enough to protect their data. And, if they continued to do the same, there was going to be a time when these few hundred thousand dollar costs will turn to millions.

Fast forward to 2018, IT security is probably the most important factor of any business with companies investing millions to ensure the privacy of their servers. Especially with the advent of Internet of Things (IoT), cyber security is more crucial than ever and is developing rapidly. A good example of that would be Denuvo Anti Tamper. It’s nowhere near related to cyber security but helps to illustrate our point.

Till 2014, game developers were being financially scammed by hackers that were cracking paid games and spreading them for free. This became so worrisome that the number of players using cracked versions was more than the ones using paid versions. Then came Denuvo Anti Tamper technology that aimed to create a more secure platform for game developers preventing their content from being cracked and distributed for free. The very first game to use Denuvo was Dragon Age: Inquisition. The anti-tamper tech was promising and protected the game for almost a month. This was pretty surprising since most games were cracked on the same day as their release. Since then, hundreds of games have been using Denuvo and almost half of them are still not cracked. Even today, franchise games like Fifda, Assassins Creed and Tomb Raider games are protected through Denuvo and have not been cracked yet.

Right now, the main focus for companies holding large amounts of user data is privacy. They know that a breach will degrade their name in the vision of the public and people might not feel so safe entering their contact info, location and credit card details on websites that have been hacked previously. And, efforts have been fruitful, but not completely. The very recent Facebook hack revealed that no matter how hard companies try to keep their systems secure, someone somewhere can get in. 50 Million users got hacked and the people remained in the system for 11 days till Facebook took back things in their control. There’s no estimate on how much data was stolen or who exactly stole it.

Closing Thoughts

Cyber crime is like an axe hanging above our heads and businesses are trying to build as many barriers as they can to prevent that axe from coming down on their necks. It can’t be said whether these attacks will stop soon enough. But one thing is certain, instead of being reactive, business need to be proactive if they’re going to have any chance of stopping cyber crimes.

Enjoyed this Ask the Expert? Check out What benefits come from running a partner programme?