CYBERSECURITY AND THE ANNOYING 2FA

I am CEO of BAT and struck down by smug. Roll your eyes and reach for the sick bowl. Worse still, my moment of self-satisfaction has come at the expense of others.

Retail giants Marks and Spencer, Harrods, and Co-op have all fallen victim to suspected ransomware attacks, forcing IT system shutdowns. Predictably, many are now calling for enhanced software security measures. Sophisticated hackers harvest employee information from social media and employ techniques like “SIM swapping” — convincing or bribing mobile operators to transfer phone numbers to different SIM cards. Armed with this access, they impersonate employees, request password resets from IT helpdesks, and intercept authentication codes sent to compromised phone numbers.

Four years ago, our lead developers proposed something that seemed excessive at the time: hiring a dedicated cybersecurity specialist for a firm of just four people. Though hesitant, I took the plunge and welcomed Alvaro to our team. Soon after, we implemented mandatory two-factor authentication across our systems.

The backlash was immediate. Our phones lit up with disgruntled IFAs demanding we remove what they viewed as an unnecessary security hurdle. Fast forward to today, and perspective has shifted dramatically.

The outbreak of system failures among retailers reveals that SMS-based authentication is vulnerable. While requiring users to contact BAT when changing iPhones adds friction, it is clear that robust 2FA is essential for any application critical to business operations.

The cybersecurity landscape has transformed. Users have largely adapted to authentication requirements on their devices. What once seemed like excessive caution now looks like basic prudence. So yes, at BAT, we’re feeling rather vindicated. I am a self-confessed smug.
