 Kohli Ventures
27 December 2016

Cybersecurity: Can We Do Better?

Many companies – not to mention individuals – have become complacent about cybersecurity. With dedicated employees and software to prevent cyberattacks at every decent-sized company, it’s easy to think that we’re past the time of eerily confident hackers and unforeseen attacks.

Thanks to tech-savvy CEOs like Facebook’s Mark Zuckerberg and Instagram’s Kevin Systrom – many of whom, including our own Tej Kohli (net worth approx £4.5 billion) started off as computer geeks themselves – most companies are very well aware of the rigorous systems that need to be in operation to prevent dangerous cyberattacks.

But 2017 is going to be a big challenge for cybersecurity. Companies including Tej Kohli Ventures are set to do battle with these problems over the coming year.

Digital Payment Hacks

It’s amazing to be able to pay for goods and services with one quick swipe of the credit or debit card. But contactless payment is already being surpassed by proliferating smartphone payment systems, of which the most popular are currently Apple Pay and Google Wallet. These are apps linked up directly to the user’s bank account, which let him or her pay with just one swipe of the phone. Consumers love them, and no wise CEO wants to exclude this kind of payment from his or her services.

But digital payment apps are very easy to hack. Malware authors tap consumers’ mobile wallets regularly, and they don’t always stop there. Once they have smartphone access, they can get hold of an employee’s emails, contacts and – perhaps most terrifying of all – worker authentication processes. That means that a hack into a smartphone owned by even a low-level employee of a big bank, for instance, could end up letting the hacker into the entire transactions system.

Open Source Vulnerabilities

Heartbleed, a security bug in the OpenSSL cryptography library, caused chaos when discovered in 2014. It had left half a million secure, certified web servers open to hackers who stole private keys, session cookies and passwords. Almost every internet user changed his or her password, panicking at the level of vulnerability. Since then, open source vulnerabilities including Shellshock and POODLE have caused more panic.

These problems come from old, out-of-date versions of very common software like JavaScript or Windows. And they don’t just affect small companies or naïve users: many big-name websites are not using up-to-date certificates.

New Top Level Domains
To allow for more, and more distinctive, URLs, adapted top level domains (TLDs) are rapidly replacing – or supplementing – generic .com addresses. Sites like home.barclays, parisfashionweek.buzz, or halfhitch.london tell users more about the site they’re visiting. But they confuse some users, who may not be able to tell the difference between the authentic home.barclays site and, for instance, bank.barclays.

What to do?

Companies using innovative TLDs will need to be extra careful until their clientele catch up. Meanwhile, to avoid open source vulnerabilities, companies should encourage consumers to change passwords regularly, introduce another layer of authentication, and make sure all their software is up to date. And digital payment hacks mean that companies should limit and diversify employee smartphone access to company files.

It’s a challenge – but a company which stays ahead of the game should have no problem combatting cyberattacks in the new year.