Sex, celebrity and cyber security may sound like an unlikely combination, but this week it actually happened. In a huge leak photos of naked celebrities were plastered across 4chan, prompting a flurry of accusations and media comment.
Unsurprisingly the first order was to work out who to blame. Kirsten Dunst, an actress affected by the leak, took to Twitter to attack Apple’s iCloud service, which many believe was corrupted somehow. Others cheerfully noted the folly of being famous and posting such pictures, leading to much political quarrelling across the blogosphere.
Forbes journalist Kashmir Hill dubbed the advice not to submit nudies over insecure networks "sext abstinence education", before calling for a focus on practicing "safe sext". "It simply doesn’t work anymore to say ‘If you don’t want it exposed, don’t do it in the first place,’" she said, adding that we all have digitised data that we would rather not be let loose.
She’s not wrong in her last comment, but cyber security does not see abstinence as the mere priggishness of puritans. At the FT Cyber Security Summit only this week an industry expert told CBR that the "crown jewels" of security (pun maybe intended) are sometimes best left entirely disconnected from the internet.
The call is to marry data sensitivity to adequate protection, because not all data is equal. The Information Commissioner’s Office, responsible for data protection in the UK, treats health and social service data as more sensitive than login credentials, or even financial information.
For business there’s not merely importance to an individual, but the relation to operations. Information critical to the running of the business should be obsessively guarded, while trivia is given looser protection. Damage against the European Central Bank in a recent hack was limited because payments data was segmented from the rest, and likely better protected.
Advice that Hill dismisses as unworkable is actually something of an industry standard. Her calls for better security are justified, but in the mean time nobody can afford to be utopian. While celebrities get sympathy for their lack of cyber security smarts, businesses will receive no such compassion.