Cyber Security – how safe do you feel?

For years, security experts and companies have been proclaiming loud the risks associated with information security. Preached by the choir, the congregation don’t always understand the terms and lexicons of the singing, so for the laymen amongst us, what do we know? How paranoid should we be?

There’s a scene in James Bonds Skyfall were “M”, played brilliantly by Dame Judi Dench, is answering questions to a committee regarding how relevant her department is. Her answer is pragmatic as it is scary. She informs them that what she sees frightens her, and our enemies are "no longer known to us.” and they must do battle “in the shadows.” And although her quotation of Tennyson’s Ulysses seems quintessentially British, she raises questions regarding the resources and capability to fight these enemies. Her final statement of “How safe do you feel?” should be the mantra for anyone who has data security responsibilities.

Ever since Matthew Broderick’s character in the 1983 movie “WarGames” portrayed an individual hacking into a vast secure military computer system, events like this are far from rare. So what capabilities do individuals, companies, organisations and countries have at their disposal to do some serious damage? In a world where numbers mean everything, information is king, and knowing what your enemies and friends are up to is hugely coveted. In the old days, it was teams of spies, agents, undercover operatives and signal intercepts trying to decode the thoughts and ideas of allies and foes alike. Technology has moved on, as has the targets – companies are just as much at threat as Government agencies. Action and reaction changes the landscape at a rapid rate. But the basic concept is still the same; Look after your data because somebody wants it. And you won’t always know where the threat is coming from and who is responsible.

Threats can be very intelligent. Created to attack only if very specific conditions are met – take Stuxnet as an example. Others are released to create utter chaos no matter where it ends up like WannaCry. Some people just want the thrill of getting through and into a system for the fame and notoriety. Others have far more nefarious reasons. The Third World War is already taking place – in Cyberspace. In the shadows. And we are all involved. The money and resources involved are staggering. In the first two years of operation, the NCSC revealed it defended the UK from around 1,100 attacks, the majority of which, they report, were from hostile nation states. Think you are not a target? A recent UK report showed you are more likely to be a target of a Cyber attack than get rained on. Did you bring your coat or umbrella today with you, just in case? It’s not if, but when your data is in someones sights.

It gets scarier – would you even know if you’ve been targeted? Would you know if someone has access to your data? You may never find out. The longer they have access to your sensitive data, the more they gain an advantage. Leveraging your information for their gain.

But regardless of the technology involved, or the investment we put into research and development, no matter how quick we react and update our systems, the biggest threat is constant.

Us.

Nearly 90% of data breaches in the UK were because of Human Error. This baggy sack of bone, muscle and tissue can do some major damage. Be it through stupidity, naivety or malicious behaviour, it only takes one person to drop an unencrypted USB stick, leave their laptop on the train, send a vital document to the wrong email address, say the wrong thing to the wrong person, open a dodgy link on an email or have a disgruntled employee and your business or organisation is all over the news, losing its reputation, being fined by the ICO and generally having a very bad time of it.

Training helps. Software can restrict what we can and can’t do. Making sure all your data is encrypted and secured. Governance and policies help to reinforce those ideas. Penetration Testing and CyberSecurity checks can help. But if British Airways, Marriott, Experian, Facebook, and Yahoo, to name a few, can all have huge data breaches - and they aren’t exactly badly funded - why do you think you are not a target?

How Paranoid should we be? To answer that, you have to answer “M”’s question;

“How safe do you feel?”

Probrand is an award winning provider of IT products, managed services and solutions to over 3,500 private and public sector organisations. We help customers procure IT more efficiently, and deliver IT services that run and transform business operations. Feel free to contact us if you have any queries on the article or any other aspect of IT.

Probrand home page | MarketPlace Home Page