It would appear that someone has been spying on the New Zealand Rugby team. A bug was apparently found hidden inside a chair in a team meeting room at the Intercontinental Hotel in Sydney, just before the All Blacks record breaking win against Australia. For those of you thinking “What’s rugby? Big deal.” bear with me.
The rumor mill seems less keen on foul play from a beleaguered opposition than on the idea of a betting syndicate looking for an edge. Whoever it was, and whatever they were after, let’s read between the lines. Apparently the meetings about an upcoming game, in a sport that much of the world is nonplussed about, warrant the use of clandestine monitoring practices. Which should give pause for the thought when we’re thinking about million and billion-dollar trade deals in the business world, or sensitive, even classified information in the government sector. How much higher are; the stakes; the likelihood that there would be a party motivated to listen in; they would have the means to do so.
In their excellent piece on the NZ bugging story, the BBC spoke to Alex Bomberg, who’s company International Intelligence works with large organizations providing counter-espionage services. Bomberg gets straight to the heart of the matter when he identifies cell phones as a key risk area.
"They are very, very dangerous things," he says. "You are bringing basically a transmitting device into a building." Bomberg continues, "A lot of the larger companies now are creating sterile areas in which to hold a meeting. You can't even take your mobile phone in, which is very good practice, because what have we got on our phones? A microphone."
The creation of the “sterile areas” and even the use of travel “burner” phones as seen in the criminal world makes a certain amount of sense. However, it does not deal with the imminent danger that cell phones present. Outside the sterile area, even a temporary phone is vulnerable.
As I have detailed in previous thoughts pieces, parties, be they criminal, enterprise or Government, have the technology available to monitor, and are actively doing so. But although the threat is clear, are organizations listening?
A March 2016 survey by IDG Research Services of IT leaders contained some interesting findings: while 72% ranked securing data at rest as “critical”, 57% said protecting data in use (application data) was a top priority, and a mere one in two thought it critical to protect data in transit across a network.
The IDG Data Security resource goes on to state that “Industry experts have shown that data residing in an application or moving across a network is more vulnerable to external theft. Some reports indicate that more than 80% of data breaches happen at the application level.”
So your phone, and the messaging applications it houses, is where the real danger lies. Being realistic, large organizations cannot function without them, and communication across them isn’t going to become less of a target. The good news is how simple it is to mitigate against so many of these risks – specifically data breaches at application level. Gone are the days of needing specialist equipment to remain secure – today, apps themselves can offer a drop-in security solution.
The Seecrypt and Cellcrypt apps provide the ability to communicate securely, be it voice, message or file sharing, with military grade, certificated end-to-end encryption. And when I say encrypted, I mean encrypted. While the other apps and platforms are being cracked, we’ve remained watertight. The second thing that our apps do is fit into the way the people in your organization already work – with the simplicity of a consumer messaging app, but, you know… with security that is actually secure!
To bring it back to the Rugby – New Zealand are the world’s best for a reason. They are adaptive, talented and ruthless. But they also know that good defense wins games. Whether you’re in government or enterprise, it’s always worth learning from the best.
John Robusto, CEO, Communication Security Group