Media‎ > ‎Blog‎ > ‎Articles‎ > ‎

Security breach - whose fault is it?

posted 24 Dec 2014, 06:48 by Stephen Hind   [ updated 25 Mar 2015, 08:11 by Stephen Hind ]

In the wake of the latest celebrity photos leak, DrPete wonders who's really to blame when it comes to breached security.

While it's nothing new, whenever explicit pictures (pictures that were meant to be private) become public, the internet usually responds in two distinct ways: The first is sympathy for the unwitting person's now broken privacy, and the second blames the victim for putting their private documents in a place to which an attacker could gain access.

But there's another concern - how secure is that place in the first place? Of course this is not just a concern for the general public, but for businesses too.

Something else to consider is that there are two ways for an attacker to gain access to your content. The first is to try and hack into the overall system (e.g. Google Drive, Dropbox, iCloud) and find the data you want from their servers. Of course for many services this is almost impossible thanks to modern security measures, and if anyone did retrieve data this way, it would undoubtedly be the company's fault.

The second way for someone to get to your content is by guessing your password, and this is where the issue gets a little trickier. One the one hand, when you set your password, you are taking responsibility of how secure that password is (i.e. how easily guessable it is). On the other hand, should there be other ways to verify that the correct person is accessing the content if someone's trying to get to the content on another device, in an unusual location, or at a strange time of day? Should you have to enter a code sent to your mobile phone, for example, or pass a face scan?

Of course, many services do offer these features and on a personal level, it makes sense to let the user choose whether to use them or not. For businesses, this would be a management decision.

Do you agree, or do you think we're wrong?

If you'd like to talk about security for your business, please contact us.

Security breach - whose fault is it?

Meet some of our team

Dr Peter Chadha Dr Peter Chadha

CEO DrPete,
Managing Consultant

MORE
Dan Smith Dan Smith

IT Director,
Infrastructure and Cloud Specialist

MORE
Mark Langley Mark Langley

IT Director,
Specialist in programme and cloud applications

MORE
Roelof Iball Roelof Iball

Senior Consultant,
Business solutions

MORE
Paul McCormack Paul McCormack

Senior Consultant,
Specialist in programme strategy and infrastructure

MORE