Is our data safe? Candidly, no, and it hasn’t been safe for a very long time. Every business and every consumer is in danger of being hacked. If we don’t do something about this soon, we are all going to be victims at one point or another. So, let’s be clear: knowing that it isn’t safe and trying to do something about it are two different things when it comes to protecting your most valuable assets. More importantly, what are we going to do about it?
Let me give you a recent example. The British Council is an organization that offers cultural and educational opportunities and empowers young people to learn English and transform their lives through learning and qualifications.
Clario has collaborated with independent cybersecurity researcher Bob Diachenko to discover files with personal and login details of British Council students, potentially putting them and their personal information at risk.
The data leak was discovered and reported on Dec. 5, 2021. A blob container was indexed by a public search engine and contained 144K+ XML, JSON, and XLS/XLSX files. These were structured to include various pieces of information about hundreds of thousands of British Council English course learners and students across the globe. Such information included student name, email, enrollment dates, duration of study, and more. On Dec. 23, 2021—two weeks after the initial contact—the British Council confirmed that the repository had been secured.
This also follows a history of cybersecurity issues at this organization. According to official figures cited in a recent report, the organization has been a victim of two ransomware attacks in the past five years. The data, obtained through a freedom of information (FoI) request, revealed that the British Council suffered a total of 12 days of downtime due to the incidents: five days in the first and seven in the second.
Risks for Students
Now, make no mistake, this could happen to just about any organization today, but there are a lot of potential impacts for these students with the December data leak. If scammers have access to personal details such as name, contact details, and student status, then students could have become victims of identity fraud. Examples in this case could include stealing qualifications or buying products in the name of students.
Phishing is also a huge risk here. The more personal information cybercriminals have, the more convincingly their scams can trick users into giving up sensitive information. In this case, email address, student name, and other details could have been used to trick students into handing over more details or money.
Risks for Businesses
The risk isn’t just for the students either. There are challenges for the British Council if this data breach becomes common knowledge. For example, loss of reputation is a concern for most organizations—even if most organizations aren’t directly responsible.
Additionally, attackers can exploit vulnerabilities in an organization’s IT infrastructure for their own malicious ends. For example, hackers could open bank accounts, take out loans, or make expensive financial purchases in your name. They could use this information to access your online accounts, such as those with different stores or financial service providers.
Solutions for All
So back to my question: What are we going to do next to ensure that our data is safe? Clario advises logging into your account and changing passwords immediately, and then updating passwords regularly, every 180 days. Also, be cautious with suspicious-looking emails or links, follow your instincts, and work with a trusted cybersecurity provider.
I have some additional thoughts as well. Let’s look at this from two perspectives: as consumers/workers and as businesses.
As consumers we need to go back to the basics, if we haven’t done so already. We need those stronger password systems, multi-factor authentication, and to seek out secure technology providers. Still, as consumers, there is only so much we can do. We need the manufacturing community to ensure that these devices are secure.
What’s more, as businesses or as technology companies, there is a lot we can do to protect our data. Consider this two-pronged approach that focuses on the worker: education for all workers while also reskilling, upskilling, and finding new workers for the security positions that are unfilled. We need to pass on experience. This is vital for smart factories and so much more.
To protect against ransomware, we can back up our computers, store our backups separately, update and patch our computers regularly, keep personal information secure, and verify email senders. If we do face a ransomware attack, businesses can isolate the infected system, turn off all devices, secure backups, immediately report the incident, and change all system passwords. We face some very challenging times, so we need to think about the hurdles and get our people prepared as much as possible.
At the end of the day, we need everybody—consumers, businesses, tech companies, and government—to come together to solve this. We need to figure out what is broken and fix it. Putting our heads in the sand and ignoring the obvious will not make it go away. It will only make pushing the boulder up the mountain much harder. And at the end of the day, we just need to be prepared for the next attack.