
A fortress of cybersecurity: What Kickstarter did right

Monday, 17 February 2014 | By Taskmaster

It’s not too often that a company that gets its website hacked deserves credit.


By now, you have almost certainly heard that the popular crowdfunding site Kickstarter was hacked. But, despite the breach, there are a couple of things the site deserves credit for.


The first is that it stores only the last four digits and the expiry date of each user’s credit card, rather than the whole card number in plain text. (You would be shocked at how many websites store the whole thing.)


The second is that it does not store the passwords themselves, only strongly hashed versions of them: the passwords are salted and run through multiple rounds of SHA-1, and hashed with bcrypt. In layman’s terms, unless you have a PhD in cryptography and a lot of processing power, good luck recovering those passwords from what was stolen.
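The two practices described in the last two paragraphs, keeping only the last four digits and expiry of a card and storing passwords as salted, iterated hashes, are easy to get wrong, so here is an added example of both in Python. This is illustrative code written for this article, not Kickstarter’s code or a description of its systems. It uses only the standard library: the salted multi-round SHA-1 scheme stands in for the older password format the article mentions (the 1,000-round count is an assumption), and PBKDF2-HMAC-SHA256 stands in for bcrypt, which is not in the standard library. The `verify_password` function also shows the caveat a practitioner will want: when a user logs in with a password still stored under the older scheme, re-hash it under the stronger one so the database gradually loses its weaker records. All sample card numbers and passwords are constructed test values.

```python
import hashlib
import hmac
import os
import re
from typing import Optional, Tuple

# ---- Card data: persist only what the business needs -----------------------

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used only to reject obviously mistyped card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def store_card_reference(pan: str, expiry: str) -> dict:
    """Return the only card fields that should ever be written to the database.

    The full PAN is validated and then discarded; only last4 and expiry are
    returned, so a dump of this record cannot be used to charge the card.
    """
    digits = re.sub(r"\D", "", pan)
    if not 12 <= len(digits) <= 19 or not luhn_ok(digits):
        raise ValueError("not a plausible card number")
    if not re.fullmatch(r"(0[1-9]|1[0-2])/\d{2}", expiry):
        raise ValueError("expiry must be MM/YY")
    return {"last4": digits[-4:], "expiry": expiry}


# ---- Passwords: salted, iterated hashes, never the password itself --------

LEGACY_ROUNDS = 1000      # assumed round count for the older salted-SHA-1 scheme
PBKDF2_ROUNDS = 200_000   # cost parameter for the current scheme


def legacy_sha1_hash(password: str, salt: bytes, rounds: int = LEGACY_ROUNDS) -> str:
    """Older scheme: salt + password digested repeatedly with SHA-1.

    Kept only so existing records can still be verified; new records must not
    use it (SHA-1 is fast, which is exactly what an attacker wants).
    """
    digest = salt + password.encode("utf-8")
    for _ in range(rounds):
        digest = hashlib.sha1(digest).digest()
    return "sha1$%d$%s$%s" % (rounds, salt.hex(), digest.hex())


def hash_password(password: str, rounds: int = PBKDF2_ROUNDS) -> str:
    """Current scheme: PBKDF2-HMAC-SHA256 with a fresh 16-byte random salt.

    Stand-in for bcrypt; the record embeds scheme, rounds and salt so the
    parameters can be raised later without breaking old records.
    """
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return "pbkdf2_sha256$%d$%s$%s" % (rounds, salt.hex(), dk.hex())


def verify_password(stored: str, password: str) -> Tuple[bool, Optional[str]]:
    """Check a password against a record of either scheme.

    Returns (ok, upgraded_record). upgraded_record is a fresh PBKDF2 record
    when the password was correct but the record used the legacy scheme, so
    the caller can overwrite the old record (upgrade on login).
    """
    scheme, rounds_str, salt_hex, digest_hex = stored.split("$")
    rounds, salt = int(rounds_str), bytes.fromhex(salt_hex)
    if scheme == "sha1":
        candidate = legacy_sha1_hash(password, salt, rounds)
        ok = hmac.compare_digest(candidate, stored)   # constant-time compare
        return ok, (hash_password(password) if ok else None)
    if scheme == "pbkdf2_sha256":
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
        return hmac.compare_digest(dk.hex(), digest_hex), None
    raise ValueError("unknown password scheme %r" % scheme)


if __name__ == "__main__":
    # Constructed sample values; 4111 1111 1111 1111 is a standard test number.
    print(store_card_reference("4111 1111 1111 1111", "12/27"))
    record = hash_password("correct horse battery staple")
    print(verify_password(record, "correct horse battery staple"))
    old = legacy_sha1_hash("correct horse battery staple", os.urandom(16))
    ok, upgraded = verify_password(old, "correct horse battery staple")
    print(ok, upgraded is not None)
```

Two design points are worth noting. The card record never contains the full number, so the worst a database dump yields is a last-four-plus-expiry hint; and the password record carries its own scheme and cost, so when a user with a legacy record logs in the caller receives a replacement record and can store it, which is the only way to get rid of weak hashes without forcing a mass reset.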


So even when the bad guys got in, there was no conveniently accessible list of credit cards and passwords for them to pilfer. This made the attack far less devastating than it otherwise could have been.


What this suggests to Old Taskmaster is that Kickstarter had people on its IT staff who were smart enough to sit down and say: “Okay, even if hackers gain access to servers or databases, we need to make sure the most sensitive data we handle – passwords and credit card numbers – remain as secure as possible.”


To use a metaphor, imagine your computer security is like a medieval castle. The typical motte-and-bailey design featured a solid stone outer wall and moat around the bailey to keep the barbarians at bay.


Of course, as every smart aristocrat knows, the unwashed hordes and invading armies will, sooner or later, breach this outer wall. It’s inevitable. Just a matter of time.


Far off, over the horizon, you can barely see the torches. But, rest assured, they’re out there and they’re coming.


Which is why the clever aristocrat insists on a separate layer of fortified security for the most important assets of the dominion. Those brutes might breach the wall, but if they came to plunder the palace jewels, they had best be prepared for a fight!


So what’s the moral of today’s story?


First, sit down and think about what would happen, heaven forbid, if someone broke into your systems. Sooner or later, that outer wall will be breached. It’s inevitable.


When, not if, that happens, how secure is your most valuable data? Are there credit card numbers or password details they could access?


If you’re not sure, it’s worth getting a cybersecurity consultant to take a look at your systems.


Because when the inevitable happens, you want to make sure your systems are as secure as possible.


Get it done – today!