ManiThis week, the Guardian newspaper is reporting, that the EasyJet systems were hacked, causing data loss of millions of customers private and financial information.
While awareness is key, it seems to have little effect on the rate of recurrence of Cyber Security incidents. Most Cyber Security incidents are direct result of an exploit or vulnerability or human oversight.
EasyJet revealed on Tuesday it had suffered a “highly sophisticated” cyber-attack. It comes at a time of heightened concern about a surge in online and phone scams linked to the corona virus pandemic.
The airline said the personal information of 9 million customers – comprising email addresses, travel details (though not passport information), and financial information of many was compromised.
There’s no confirmation on that yet – the airline said only that the attack came from “a highly sophisticated source”, and that it has now “closed off this unauthorized access”. EasyJet management added that as soon as it became aware of the incident, it took immediate steps to respond and engaged forensic experts to investigate.
Practically, I am beginning to believe that increased coverage is having the opposite effect on our ability to thwart attacks against the system. EasyJet systems hacking is an example were the management could have taken preventive measures earlier but did not.
The increased coverage has normalized Cyber Security incidents, and has made us helpless and lacking action. If large enterprises and even countries are vulnerable, how can anyone defend against this threat, hacking is no longer a possibility in our minds, it is an inevitability.
Imagine if we were this relaxed towards company’s inventory or even organizational assets.
In my view one of the reasons why IT Security is facing this challenge, is primarily due to lack seriousness in organization’s day-to-day body language. We say we are serious but we don’t act it.
Due to recent events, I do think things are changing or that we are heading towards a zero-tolerance and zero-comprise.
Cyber security and zero tolerance towards vulnerability is doable, it is not costly and it should be part of the enterprise architecture and DNA from day one.
I am a Cyber Security professional and a tech enthusiast. If you have a comment about “EasyJet systems were hacked” story please feel free to reach out to me. To check the original story Click here
Mani Masood
