Posted 24 Mar
Words by Walter Marsh.
The way we work, shop and connect has been transformed by the cloud. But, as more and more aspects of our lives move online, the value of our data — and the task of protecting it — are more important than ever.
A cyber security consultant for Deloitte, Aneet S George is seeing firsthand the challenges posed by an increasingly digital world.
“Basically, clients approach us to make sure their security and IT infrastructure conform to the industry standards,” Aneet says of her day-to-day work. “With IT audits, for example, I look through different systems like SAP, Unix, Windows, and all the databases to make sure their configurations and settings meet certain parameters and thresholds in line with the industry standards.”
Over the past year, that work has often been done remotely, using special scripts that comb through a client company’s systems. This creates a broad feed of data — covering anywhere between 1000 to 2000 user accounts — which is then picked apart by Aneet and her colleagues. “We try to interpret what the configuration is, what’s wrong and what’s right, and try to understand it”.
Changes to a company’s needs — like an unforeseen airborne virus forcing all employees to suddenly transition to working from home — can have wide-ranging repercussions. In organisations used to a more static way of working and managing employees, this meant a variety of new solutions and workarounds were implemented, leaving in their wake a variety of problems for analysts like Aneet to wade through.
Seemingly small shifts, like as allowing users to retain the same passwords for longer as they transition from their usual office workstation to remotely accessing their accounts from a variety of locations and devices, become magnified across the scale of a large organisation,.
“Usually the industry standard is, say, 90 days, for when you should change your passwords,” she explains. “But one client manually changed that setting to around 200 days, just so their employees could get used to it and settle in.
“We might think it’s a really small issue, changing a password configuration,” she says. “But the the way IT systems work, one password [could] be connecting to multiple systems, and that’s where the security aspect of the whole thing lies. If one user does not change his password for a number of days, and if at any point during that process or that 200-300 days, that person leaves the organisation, there could be huge risks if that person knows their password and knows it doesn’t get changed for however many days.”
For Aneet, improving cyber security in the future will depend on businesses and the public gaining a better, more holistic understanding of how entwined our lives are with technology. Rather than one big silver bullet, it requires a change in mindset to ensure that small but significant questions of security become a natural, everyday process.
“For the general public, one of the biggest issues is that people don’t realise technology and cyber security should go hand in hand,” she says. “One big mistake we see, is that cyber needs to know everything about your business processes, your technology processes, everything, to do their work efficiently.”
We’ve seen how an incautious approach can create problems; the internet’s darker corners abound with caches of user data from compromised websites or apps — information which, if we’re not diligent, can be used to access other parts of our interconnected digital footprints.
“It means the chances of attack, the chances of data to be lost, of more crimes and cyber security [problems] are really getting higher. It’s easier to get personal information. I really think right now, all of our personal information is out there in the world. I think it was too late when the world realised it was time to start protecting your data.
But, after a year in which more people are using cloud-based solutions, and being expected to hand over personal data in new and comprehensive ways from the COVIDsafe app to contact tracers, the importance of one’s personal data is becoming more widely understood.
“Data is one of the most key things that people have understood this year, how important it is to safeguard it,” she says. “Two years ago, people weren’t so bothered if someone had our email or phone number.
“I’m a lot more cautious or aware of any data that goes through me — and that I send to other people.”