In June of 1985, Robert Schifreen and Steve Gold became the first people in the world to be convicted of computer hacking. Using a cheap home computer, the pair managed to gain access to British Telecom’s Prestel service, an early precursor to modern email systems. Once they had access, they were able to explore data across the entire system, culminating in the two gaining access to Prince Philip’s inbox.
Schifreen and Gold were able to access the Prestel system when they observed an engineer from the company logging on at a trade show. By ‘shoulder surfing’ — quite literally looking at someone using a computer — they were able to get the login details they needed. The pair were eventually caught when Prestel installed monitors on the system and passed the information over to the police.
Eventually, Schifreen and Gold were acquitted by Lord Justice Lane, but this was the birth of computer hacking as we know it. At the time, this type of terminology wasn’t in use and there was no law that dealt specifically with this type of crime. This led to the UK Parliament introducing the Computer Misuse Act of 1990, an act that outlined a number of criminal offences with which hackers could be charged. This bill has been incredibly influential in the shaping of similar laws across the globe, with Canada and The Republic of Ireland drawing heavily from the act.
It is shocking that these events took place less than 30 years ago. In that incredibly short period, the internet has wrought momentous global change. While not an overtly physical change like the Industrial Revolution, the rise of the internet has arguably impacted the world just as much. It is something so integral to society, it has even influenced the name of the era we live in: The Information Age.
Despite the undoubted benefits that this age has brought, it also has a dark side: the rise of hacking. Since the creation of the Computer Misuse Act in 1990, cyber crime has exploded and changed the way organisations do business. From its humble beginnings with Robert Schifreen and Steve Gold accessing the emails of Prince Philip, internet crime has grown to be worth more than the global drug trade.
When you consider how much press space has been dedicated to the latter, it is shocking that more is not done to combat cyber crime and the problems it causes both inside and outside organisations. One possible reason for this is that hackers have always managed to stay several steps ahead of government—but it is nevertheless an organisation’s own responsibility to keep its valuable assets safe.
Once a data breach has occurred, the damage is already done. A hacker gaining access to a company’s sensitive information can have an irreversible impact on the business, which loses both valuable assets and, more importantly, trust—something no amount of reparations can restore.
Government, law, and the justice system cannot move quickly enough to protect organisations from hackers who operate on the cutting edge of technology. It is up to the organisations themselves to implement adaptive controls that take context into account (Where are you logging in from? Does the system recognise your device and IP address? How many password attempts?), and to establish trust relationships with parties inside and outside of the organisation, between whom secure data can be shared. The companies who invest now will be repaid with a significant competitive advantage in the market.
Yet there are still too many organisations using outmoded technologies that do not provide the level of protection required in today’s world. Today’s security is not anti-virus software. It’s not about keeping the bad guys out. It’s about knowing who has access to what. Identity and access management (IAM) technology has become quite sophisticated at using real-time and contextual data to understand who you are and what you can access. Now IAM platforms are increasingly extended to external users and customers, applications, devices, and things connected to the Internet as a way to improve customer engagement and drive business growth, by providing a single, consolidated view of the consumer. If you understand who you are dealing with, you know how to proactively act, rather than react.
Hackers, starting with Schifreen and Gold, have taught us the hard way the importance of protecting customers and their data. But they have also given us a golden opportunity. Organisations can take the investment they have made in identity and access management security and harness it as a platform for consumer engagement. Once organisations understand who has access to what, they can use this data to create a truly secure platform that allows customers to buy products and services, or engage with the brand. Companies gain valuable data and insight into their consumer base, allowing them to optimise their offerings to appeal to their audience and thus generate revenue. But most importantly, they gain their customers’ trust—and that’s worth its weight in Schifreen and Gold.
Mike Ellis, CEO, ForgeRock