
Jim Swift is Discipline lead - Security, Risk and Resilience, at BB7. A specialist consulting firm, BB7 imagines new ways to mitigate risk within the built environment. Disciplines include Fire Engineering, Modelling & Visualisation, Fire Risk Management, Security Engineering, Security Risk Management, Cyber Security, Business Resilience, Crisis Management and Resilience Testing.
September 5, 2014


Sex, Lies and Cloud-Based Storage: Don’t let your Corporate Image be Next

With Jennifer Lawrence and her legal machine doing all in their power to repair damage from the online publication of her private photos, we can all learn a few things from her misfortune.

Apple denies it has been hacked and reports indicate that weak passwords were responsible for the leak. Whatever the reason, speculation is the name of the game when it comes to identifying threats and assessing risk; think big, think bold, think like an attacker is my advice.

Had Jennifer – or indeed other celebrities whose intimate images and videos have been publicly exposed – considered the images’ value to her would-be ‘attacker’, she may have thought long and hard about how, where and why to store them.

Information is valuable. Everybody knows it, everybody talks about it and many consider it, but how many actually protect it?

Unknown unknowns

As we move into a cyber-enabled environment like never before, there are known knowns, known unknowns, unknown knowns and unknown unknowns – so how on earth are we expected to mitigate against a risk we don’t even know exists, let alone identify whether it will affect us?

The simple answer is: it doesn’t matter!

Information should be classified against some form of protective marking scheme, be it modelled on Government Security Classifications or internal policy. Information can then be handled in accordance with that classification, which will inform decision making about how and where information is stored.

Electronic storage of information, like any physical storage room, has one key weakness: it needs to be accessed. Providing access to anything creates a vulnerability and the greater the access, the greater the vulnerability.

Like the hardened commando who keeps his weapon close to him at all times, businesses should keep their most crucial assets close to them. The further away from you that asset is, the less control you have. The less your control, the greater the risk of exploitation.

No matter how secure an environment you are promised, if you cannot manage the risk yourself, you are risking uncontrolled access being granted to your information.

A starting point could be to ask yourself “how, how often and when do I need to access this information?” Depending on the answers to these simple questions you can start to formulate a policy regarding storage and retention of information.

Passwords

Once a decision is made it’s important to create passwords that offer some resistance to attack. Simple passwords can be defeated quickly by attack methods obtained for small sums or even for free from open websites.

The more complex the password, the more difficult it is to break. Having said this, Abr@Av”13e*rAdER18!b may not be the most memorable password, so a compromise could be a phrase that means very little, interspersed with capitals, numbers and symbols – i.e., pigs fall in mud could become P1G@Fall!inMuD3.

It is important to remember, nothing is 100% secure, but you can make it extremely difficult for an attacker to access your information through some simple steps. This is not about stopping an attack; more about delaying an attack’s success.

Many remote attackers set a limit on the length of time they attempt to ‘break in’. The more secure your password, the longer it would take to break it. The longer it will take to break it, the less vulnerable you are to this type of attack.
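To put rough numbers on the link between complexity and time to break, the sketch below (an added example, not part of the original article) estimates the exhaustive-search space for the phrase and the mangled password mentioned above. The guessing rate is an assumed figure, and the result is an upper bound only: guessing tools try dictionary words and common character substitutions long before they exhaust every combination.

```python
import math
import string

# Assumed offline guessing rate (guesses per second); illustrative, not from the article.
ASSUMED_GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Character classes and the number of symbols each adds to the search pool.
CLASSES = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation, len(string.punctuation)),  # 32 ASCII symbols
    (" ", 1),
]

def pool_size(password):
    """Pool an exhaustive search must cover, given the classes actually used."""
    return sum(size for chars, size in CLASSES
               if any(c in chars for c in password))

def search_space_bits(password):
    """log2 of the number of candidates of this length over this pool."""
    pool = pool_size(password)
    return len(password) * math.log2(pool) if pool else 0.0

def years_to_exhaust(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at the assumed rate."""
    return 2 ** search_space_bits(password) / rate / SECONDS_PER_YEAR

def compare(passwords):
    """Return (password, length, pool, bits, years) rows, weakest first."""
    rows = [(p, len(p), pool_size(p), search_space_bits(p), years_to_exhaust(p))
            for p in passwords]
    return sorted(rows, key=lambda r: r[3])

if __name__ == "__main__":
    samples = [
        "Mud3!",              # constructed short password, for contrast
        "pigs fall in mud",   # phrase from the article
        "P1G@Fall!inMuD3",    # mangled form from the article
    ]
    for pw, length, pool, bits, years in compare(samples):
        print(f"{pw!r:22} len={length:2} pool={pool:2} "
              f"bits={bits:6.1f} years={years:.3g}")
```

Note that the short constructed password uses all four character classes yet scores far below the plain lowercase phrase: length contributes more to the search space than the variety of symbols.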

Cloud-based storage can be extremely useful, cost-effective and sufficiently secure for many organisations; however, to entrust your information to a third-party without giving it proper consideration may result in your corporate image being the attacker’s next victim.

JannatiNaharHasan
November 23, 2014 2:59 pm

This is a good article & good site. Thank you for sharing this article. It is help us following categorize:
healthcare, e commerce, programming, multi platform,inventory management, cloud-based solutions, it consulting, retail, manufacturing, CRM, technology means, digital supply chain management, Delivering high-quality service for your business applications,
Solutions for all Industries,
Getting your applications talking is the key to better business processes,
Rapid web services solutions for real business problems,
Web-based Corporate Document Management System,
Outsourcing Solution,
Financial and Operations Business Intelligence Solution,
Our address:
2002 Timberloch Place, Suite 200
The Woodlands, TX 77380
http://www.prologic-corp.com

ThomasMaloney
February 26, 2015 7:14 am

I recently saw a comment from Taylor Swift about all this hacking into cloud storage and it went something along the lines of don’t have risque and dirty pictures of yourself to begin with! That’s sure to stop the whole entire problem altogether isn’t it? And if you ARE going to have such pictures in public storage spaces, then encrypt your own data!