The cyber security rebellion


While most people think that staying safe online means having strong antivirus software and even using a VPN for privacy and security purposes, for businesses the problem of security is getting worse. 

European Cyber Security Month (ECSM) is the EU’s annual awareness campaign that takes place each October across Europe. Choosing the month of October has always brought a wry smile to my face: a month associated with all things frightening and trick or treat seems apt when we are all at risk from increasingly sophisticated attackers.

Cybercrime, espionage, propaganda, sabotage and excessive exploitation of personal data threaten digital trust and security. The aim of the awareness month is to raise awareness of cybersecurity threats, promote cybersecurity among citizens and organisations, and provide resources to educate and share best practices.

About the author

Campbell Murray is the Global Head of Security at Blackberry.

While bringing awareness to an issue is important, one month of highlighting cyber security issues just isn’t enough. 

Silence vs action

The Extinction Rebellion, the environmental movement with the stated aim of using nonviolent civil disobedience to compel government action to avoid tipping points in the climate system, would hardly be effective if it went silent after a month of bringing awareness to its cause. 

When national security, personal safety and business continuity are at stake, everyone should not only be aware of the threat, they should be taking action. Society believes in this when it comes to environmental and physical threats, so why are we so disengaged when it comes to cyber security?

Cyber security doesn't just affect a person, but everyone around them. And in the globally connected world we live in, that literally is everyone. Infected devices have a way of infecting other devices with malware, and compromised systems can make everyone vulnerable. So cyber security isn't just about protecting you - it's about protecting all of us.

The National Cyber Security Centre recently revealed that it has handled 658 attacks on 900 organisations, including schools, airports and emergency services, and said the attacks pose ‘strategic national security threats to the UK’. The spread of cyber-attacks should come as no surprise. The number of internet-enabled devices is skyrocketing. 

Real threats

Already, there are seven billion internet-connected devices globally, and that number will more than triple to over 21 billion by 2025, IoT Analytics predicts. Thanks to the Internet of Things there is now web-enabled software in everything from planes to fridge-freezers. In an era where smart home devices can include espresso machines with IP addresses and where smart speakers are connected to the internet, a lot of effort is required to keep safe.

The threat is very real, and very immediate. And where the attacks are coming from is a cause for serious concern.

Gone are the days where the only concern was the lone attacker wearing a hoodie in his bedroom. While that stereotype might have been true over 20 years ago, organised criminal gangs quickly got in on the action, stealing credit card details and testing the IT structures of retail banks to their very limits. More recently, ‘hacktivists’ like Wikileaks have tried to expose the malpractices and secrets of big businesses and powerful governments. 

And in the last few years, state-sponsored attacks have been ever increasing, with accusations of foreign meddling in domestic elections (US, France, Brexit) a massive concern. The transition from the teenager’s bedroom to the upper echelons of power has been frighteningly quick.

It is imperative that we move from a state of apathy to a state of national readiness when it comes to cyber threats. Cyber-attacks are getting more sophisticated, and are having real life consequences for nations, organisations and citizens. The fightback must begin.

Simple steps

There are lots of simple steps we can all take. 

Businesses need to own their IT. “Owning” your digital profile means taking stock of the apps, appliances and other IoT devices that hold and use personal and corporate data on a daily basis. Solutions which use things like data encryption software provide visibility into and security for complex, interconnected IoT systems. They also help ensure devices are authenticated and data/control information is free from tampering. 

Only after building a complete picture of your personal and organisational cyber landscape can you begin securing it. 95 per cent of successful attacks on enterprise networks result from spear phishing scams. Identifying a phishing attempt is the first step: always check the actual email and web addresses when you receive an email of which you are unsure. On a technological level, the use of multi-factor authentication and dynamic security policies can mitigate even successful phishing attacks.

The most important thing to remember about cybercriminals is that more often than not they rely on human error to gain access to systems. Continued employee awareness and cybersecurity training can help strengthen cybersecurity defences by lowering the risks associated with human error.

Keeping secure

Businesses can also make sure strong security processes are in place, including ensuring employees use strong passwords, and that they are changed regularly. Yes, Password123456 – I’m looking at you. 

Keep your software updated to the latest version available because updates often include fixes for disclosed vulnerabilities. Also be wary of public WiFi, especially when connecting in new locations - hotels and other public spaces are common targets for cybercriminals due to their unsecured networks. 

And this isn’t only for the grown-ups’ table. Just as we teach our kids to lock up their bikes, parents and teachers need to remind children to protect their phones and other devices with passwords. And children need to know that some things in life need to be kept secret!

The organisations behind National Cyber Security Month remind people to Stop. Think. Connect:

STOP: Before you use the Internet, take time to understand the risks and learn how to spot potential problems.

THINK: Take a moment to be certain the path ahead is clear. Watch for warning signs and consider how your actions online could impact your safety, or your family’s.

CONNECT: Enjoy the Internet with greater confidence, knowing you’ve taken the right steps to safeguard yourself and your computer (and other devices). 

This is a great message but one that needs to be said again and again for the message to really get through. And unlike Halloween, cyber security shouldn’t be given thought only once a year.

Campbell Murray

Campbell Murray is the CEO at Merimetso. He is an information security professional with 25 years’ experience, providing penetration testing and red team services to all areas of Government, Commercial and Military bodies since the industry was in its infant stages. Campbell is also a founding Director of the TigerScheme and created the TigerScheme QSTM/CHECK Team Member qualification as well as having continued input to the CHECK Team Leader standards. His work is mostly deeply technical, but also involves mentoring and developing his team as well as new talent to the industry.