Freely subscribe to our NEWSLETTER

According to SC Magazine the latest losses are from one of Australia’s largest internet service providers. The cache was said to be a 40Gb database backup and was accessed through an unpatched Adobe ColdFusion vulnerability.

“ I find it unbelievable that even now, after hundreds of data loss events and substantial media attention companies are simply not employing even the most basic levels of security. They just don’t seem to care. I think the general public should start to question the companies they entrust with their personal information and ensure the data is well protected and if it is not walk away.

“All data should be protected by robust encryption so that, at the very least, if data is stolen it cannot be accessed or read. It sounds so obvious so why is it being overlooked?” comments Tankard.

Another recent incident was of gaming companies Minecraft and Gamigo who between them lost over eight million user credentials including passwords. In the case of Gamigo although their data was hashed they used a low level of encryption that was easily cracked.

“The gaming industry does tend to encrypt but uses in-house experience to do so. Whilst this is better than nothing it does mean that the testing of the encryption programme is limited. A commercial version that has been tested by many different people, put through many different networks and applications, helps to highlight any vulnerability there may be and fix it. Furthermore the product has ongoing development whereas an in-house built solution might stay stagnant for many years and, as we know, technology moves forward at a fast pace. Encryption must be robust and preferably be proven in the corporate world” adds Tankard.

“For goodness sake CIO’s: encrypt, encrypt, encrypt!”