Weekly podcast: why you can’t ignore information security in 2016

In our first podcast of 2016, we explain why information security can’t be ignored – by anyone – and consider some recent criminal arrests.


Hello and welcome to the first IT Governance podcast of 2016. Before we look forward, a brief look back…

Last year, according to our calculations, more than 480 million records were lost, leaked or stolen. News of data breaches is now so commonplace that we’re in danger of becoming inured to it. So what’s the big deal? Why does it actually matter?

Well, stolen data can be used to commit identity fraud, file fraudulent tax returns, apply for loans or credit cards in others’ names, register fake accounts, launch spam and phishing attacks, make fraudulent transactions, transfer money from victims’ bank accounts, steal intellectual property, commit corporate espionage, or simply blackmail people or organisations. And there are probably plenty of other crimes that I haven’t thought of.

Make no mistake: data breaches are a Bad Thing.

If your company collects, processes or stores data, you need to protect it. If you’re an individual, you need to make sure that the companies you interact with protect your information.

Automated attacks are indiscriminate and every organisation is equally at risk of attack. However small the organisation, whatever the scale of information they’ve got, it must be protected. This isn’t just a matter of good housekeeping, either. With the EU General Data Protection Regulation (or GDPR) finally looking like it’s about to be implemented, and fines for poor data security likely to increase dramatically for breached organisations compared with those permitted by the UK Data Protection Act, information security is something that no one can avoid any more.

I’d like to hope, as 2016 kicks off, that everyone realises quite how important this issue is and does something about it. Everyone. And as this podcast continues throughout the year, I want to be reporting stories of organisations that have mitigated the threats they face, protected their systems from attack, thwarted criminal hackers and defended their and their customers’ data.

I’m not going to hold my breath, though. So the countdown to the year’s first big data breach story starts now.

Until then: two news stories about the fight back against cyber crime to get us going.

Police officers from Austria, Bosnia-Herzegovina, Germany and the UK – assisted by colleagues from Australia, France, Japan, Romania, Switzerland and the USA – have worked together to apprehend “key members” of the DD4BC online extortion gang in a series of raids conducted under the name “Operation Pleiades”. DD4BC is accused of taking down companies’ websites with DDoS attacks, and demanding ransoms – paid in Bitcoin. According to a report by Akamai, the group carried out 141 attacks on banks, credit unions, currency exchanges, payment processing companies and others between September 30, 2014 and July 24, 2015.

A 26-year-old Turkish man, Onur Kopçak, has been sentenced to 334 years in prison for operating phishing websites designed to steal unsuspecting visitors’ bank details. According to Turkey’s Daily Sabah, Kopçak was arrested in 2013, charged with identity fraud, website forgery, access device fraud and wire fraud, and sentenced to 199 years, 7 months and 10 days’ imprisonment after 43 bank customers filed complaints. This Sunday he was sentenced to a further 135 years in prison for stealing and selling 11 other people’s credit card information.

That’s it for this week. Remember that you can keep up to date with the latest information security news on our blog. And whatever your cyber security needs – whether regulatory compliance, stakeholder reassurance or just greater business efficiency – IT Governance can help your organisation to protect, comply and thrive. Visit our website for more information: itgovernance.co.uk.