Have you been pwned?

Over the past few years, cybercrime has become an increasingly real threat for businesses and individuals alike. From personal email and social media accounts being hacked, to huge data leaks and information theft from major corporations around the world, cybercrime is very much a part of our culture today – and it’s clear that it isn’t going anywhere anytime soon. And, as we depend on the Internet for an increasingly large part of our daily lives, the implications of cybercrime and ‘getting pwned’ are only becoming more serious.

First things first: is ‘pwned’ even a word? What does it mean?

The term ‘pwned’ is a play on the word ‘owned’, first used in online gaming culture to refer to taking advantage of, embarrassing, or otherwise dominating an opponent. As with so many trends with their roots in Internet culture, the term started as a joke: the most common theory on its origin is that a World of Warcraft map maker mistyped ‘owned’ as ‘pwned’, due to the ‘P’ key’s close proximity to the ‘O’ key. Before long, pwned became a permanent fixture in the gamer’s vocabulary, and as Internet culture started spilling over into the ‘real world’, the term has started being used in a broader context.

Cybersecurity has become a global epidemic – and South African businesses are no exception

If you’ve been following the news over the past few months, you’ll have noticed that reports of cybercrime are on the incline all around the world, from the WannaCry and NotPetya ransomware attacks that brought several hospitals in the UK to a grinding halt and cost shipping giant Maersk $200 million, to the HBO hack during the Game of Thrones season 7 premiere, to the seemingly endless number of celebrities having their personal information hacked and published on the internet. But if the lack of reports about South African businesses suffering from similar attacks makes you think you aren’t at risk, you’re sorely mistaken.

Firstly, cyberattacks like these are carried out on a global scale. The internet isn’t divided by geography: any unsecured connection is a potential victim. Sure, the major attacks might focus primarily on multi-million dollar organisations, but that isn’t to say that they don’t target smaller businesses too. Besides, if giants like Sony, Yahoo!, and the NHS can fall victim to cybercrime despite the millions of dollars they spend every year on security efforts, how much of a chance does your business stand?

Additionally, businesses all around the world, South Africa included, are shifting an ever-growing portion of their operations into the cloud. Whether you’re using a simple cloud storage platform like iCloud, Dropbox or Google Drive, or running your entire infrastructure over the cloud, you’re exposing yourself to risk. It’s critical to ensure that your cloud applications are secure, and that you perform security audits, change passwords and back up files regularly.

How do you know if you’re at risk of being pwned?

The sad truth is, unless you’ve made a conscious effort to protect your privacy online (such as changing your password every few months and using combinations of numbers, symbols and lower-case and capital letters), you’ve probably already been pwned at one point or another. Compromised accounts are so common, in fact, that data expert Troy Hunt created a website called haveibeenpwned.com which, allows users to search their email address or any associated usernames to see whether they’ve been pwned. If you haven’t used it yet, it’s worth trying out a few of your email addresses and usernames —you might be surprised how many of them show up on the list.

What can you do to minimise your risk of being pwned?

While there are some cybercriminals who are able to break through just about any level of security and encryption, the biggest threat to your cybersecurity isn’t a co-ordinated attack — it’s complacency among your staff and your customers. How well-informed is your staff about the threat of cybercrime? Do they know how best to protect themselves? In an organisational context, there’s a lot you can do to educate your staff about the threats of cybercrime and minimise the chance of an attack on your business. Do you have a security policy in place? If you do, are you enforcing it? And how regularly are you updating it to ensure you’re covered for the latest threats? Are you keeping all of your software up to date? The WannaCry and Ransomware attacks relied on a security flaw in an outdated version of Windows, so maintaining up to date software is essential.

Depending on the scale of your infrastructure, it might make more sense to outsource your networking and cybersecurity needs to a provider who can develop a custom solution for your business. If you’d like to know more about how we can help, get in touch with us at KRS.

Photo by Thomas Kvistholt on Unsplash