Digital data is a crucial part of today's networked world, but who really has access to confidential information? The answer: more people than we would like.
"Everyone is potentially threatened – every government, every company and also every individual." Timotheus Höttges, Chairman of the Board of Deutsche Telekom, described the severity of current threats in stark terms at the Cyber Security Summit held recently in Bonn, Germany. Hardly a day goes by without another report of hacker attacks, data leaks or secret spying on digital information. And amazingly, public response is very often muted. Höttges believes that "people have become resigned because they feel helpless in the face of the complexity of the Internet."
According to the Cyber Security Report, a survey conducted by the Allensbach Institute, more than 600 managers and executives from small businesses and large companies view “Internet data fraud” as the biggest threat to German citizens. Today one out of every two people uses a smartphone, according to the German Federal Association for Information Technology, Telecommunications and New Media (BITKOM). So fully protecting ourselves from data abuse or attack is impossible, because anyone using a smartphone is automatically sending streams of data through the web. GPS, e-mail, banking – there are apps for anything and everything. Usually we only find out later who else is reading our data besides the people we intend to share it with.
The Global Privacy Enforcement Network, an association of international data protection agencies, determined that 85 percent of apps do not sufficiently inform users about what personal information is gathered and what it is used for.
The rise in mobile data usage poses security risks that are very hard for companies to control. Devices, operating systems and applications are too diverse to close every security loophole. Even doing without mobile devices does not necessarily guarantee security: The trend known as IT consumerization, where personal devices are used for business purposes, is blurring the boundaries between work and private life.
With fatal consequences: According to the People Inspired Security Report, some 20 percent of those surveyed have already used their own devices to circumvent their companies' security restrictions, such as prohibitions on the use of Dropbox cloud storage. Even if the intent is generally to improve work flow, such habits increase the risk of unauthorized data access.
This is why the report uses the term "hired hackers".
Companies are well aware of these risks, as indicated in a study by the German Federal Office for Information Security. And yes, they are also well-armed against many dangers and attacks on their IT. But too little attention is still paid to preventive measures and mandatory processes for IT security management – and in the age of social media and cloud computing, the threat profile undergoes rapid shifts.
The key is finding comprehensive IT security solutions that cover every area of data exchange – and adopting them quickly. To start with, companies need to set up security guidelines and codes of conduct, and then make to sensitize employees to the risks and train them on good-practice behavior. Risks need to be identified and reassessed on an ongoing basis. Only in this way can appropriate means of protection be chosen, e.g. encryption programs, anti-virus measures or new approaches to authorization.
The German government's planned IT security legislation will also require companies in certain sectors to report cyberattacks – and to take action to prevent them. So it is high time for this unpopular topic to rise higher on the business agenda.