Why is Cybersecurity so important

Author: Gary Hibberd

Date: 22nd June 2020

On an online event recently, I was asked why cybersecurity is so important and why I was so passionate about it? I know that cybersecurity can be seen as a boring topic to some, but when you’ve been involved in the industry for any length of time, you begin to see the real-world impact it has on peoples lives, in countless different ways. 

I’ve seen people lose their livelihoods following a cyberattack, and I’ve seen the effects of having your identity stolen, where it took the victim almost four years to get her life back. Cybersecurity (or the lack of it) affects people in countless ways.

Even matters of the heart are impacted by cybersecurity.

Trust is the first step to love

In 2019 research by dating platform eHarmony and the Imperial College Business School stated that by 2037, the majority of babies in the UK would be born to parents who met via the internet.

The report found that between 2015 and 2019, around a third (32%) of relationships started online. An increase of almost 100%, compared to 2005 and 2014 when the figure stood at just 19%.

By 2035 more than 50% of relationships will begin online.

Who do you trust

Behind these starting figures are organisations, dating companies who are working hard to help you find your Mr (or Mrs) Right (or perhaps your Mr Right-Now?!). Matchmaking and other online dating apps are big business. In 2020 the sector is estimated to be worth around $8.4 Billion, and it’s showing no signs of slowing.

These organisations rely heavily, if not entirely on the technology that is in your hands. They have designed their apps and websites to be friendly and easy to use. They want you to have a great experience, and they want you to find whatever (and whoever) meets your needs.

This is all great for the casual user of these sites and Apps, but can you trust them?

Erosion of Trust

Before I get too deep into this world, I must declare that while I have some knowledge of their services, I’m not actually on them. As a happily married man, I’m not on these platforms (honest), but recent studies have shown that almost 30% of men on these are actually married. 

Worse still, an investigative team at the Columbia University Graduate School of Journalism launched a 16-month investigation into sexual violence involving popular dating apps and online sites. They discovered that Match Group, the company which owns Match.com, OkCupid, Plenty of Fish, and Tinder, allowed known sexual predators to use their sites. Why? Very simply because there are two levels to their business model; A paid and unpaid subscription service.

They don’t have the human resources to screen users on the Free service, so it’s no surprise that sexual predators will use a service which isn’t going to ask too many awkward questions.

This is by no means an attack on these organisations, But it’s a commercial decision. A decision that can have a significant impact on the people who trust these sites to protect them.

It must be love. Love, love.

Remembering that the industry is worth $8.4 Billion, it’s worth knowing that much of this revenue isn’t generated by membership fees. A large proportion is derived from selling advertising space on the site and selling your data to third parties.

Yes, you read that correctly; Selling YOUR data to third parties. It has been long understood that dating sites collect a rich stream of data that is highly valuable to companies who can profit from ‘inside knowledge’ obtained via these sites.

Think about the kind of Data that users are required to share on these sites; photos, names, age, height, weight, location, sex, sexual preferences, interests. Many sites go much deeper than this and require increasingly sensitive information; “So we can find your perfect match…”

The General Data Protection Regulation (GDPR) states very clearly that organisations need to be transparent about who they’re sharing your Data with and not to collect excessive amounts of data.

With good Cybersecurity in place, you can begin to trust that the organisation will protect your data and not share it with parties unknown, and will only collect relevant information.  But more than this, they will ensure your privacy is protected because they have thought about the people, processes and technology required, to ensure you are protected.

Unfortunately, this doesn’t always happen, and when it goes wrong, it goes badly wrong.

Data breaches & Dating Sites

In July 2015, hackers stole the user database containing 32 million subscribers, of the online dating site “Ashley Madison”. This site offered subscribers the opportunity to engage in extra-marital affairs, with the tag line; “Life is short. Have an affair.”

The Hackers (Team Impact) held the company, “Ruby Life” to ransom stating that they demanded money, or the database would be leaked. Indeed it was.

The Data breach was headline news around the world, as the database was readily available. Very quickly emails and letters began arriving in subscribers inboxes and post boxes demanding money, in return for continued anonymity. The message was clear; “Pay up, or we tell your loved ones that you’ve subscribed to a site to have an affair.”

To date, it is known that at least eight people died by suicide as a direct consequence of this cyberattack.

Could a better approach to cybersecurity have prevented this breach from occurring? In a word; Yes. Following the attack, many aspects were discovered that would have reduced the chances of the attack happening or the impact it had.  From poor password encryption, through to the retention of data when it should have been erased, there are numerous things that could have been done to protect the lives of its subscribers.

Ashley Madison’s parent company, Ruby Life, settled on a $11.2 million agreement compensating users whose personal data were exposed and who could submit “valid claims for alleged losses”.

But Ashley Madison’s subscribers aren’t the only dating site to suffer. In April 2016, Beautifulpeople.com suffered a data breach exposing the personal data (including sexual preferences, income and home address) of more than a million members, and in May 2017, The Guardian’s dating site, Guardian Soulmates, leaked the email addresses and user IDs of its members.

Conclusion; Cybersecurity affects REAL lives

Why is cybersecurity so important? Because it affects real lives in very real ways.

Every second, of every minute, 127 new devices are connected to the ‘Internet of Things’ (IoT).  Experts predict that in 2020 there will be around 31 billion IoT devices. That’s four devices for every man, woman and child on the planet.

With the ‘attack surface’ expanding, and the amount of Data we’re creating increasing every day, the need to protect Data has never been greater. Organisations have a responsibility to act with diligence in their security of our Data.

Today I focused on the Dating sector, but organisations need to ask themselves a very simple question; “How could the release of this Data about our customers/clients be used to negatively affect them?”

Following best practice disciplines for Cybersecurity is just one way that an organisation can demonstrate they are truly putting their customers’ safety at the heart of their business.