Of course, everyone has heard about hacking, but probably very few have the experience and knowledge of either Martin Overton, Cyber Specialist EMEA, AIG, or Mark Harrison from PenTest Partners, to name a few of the spokesmen. Not to mention that most of the public doesn’t have a clue on what the cyber threat really is.

Internet of Things

In the century of readily available information and interconnected devices, the need for fast and reliable knowledge has become a necessity. This doesn’t just apply to entrepreneurs and big business, but to any individual with basic fundamental needs. Interaction with all kinds of devices significantly increases the impact on consumerisation.  From computers and smartphones to our home TVs and electronic devices, they are all having a great influence in our lives today. Any electronic device or any software system that is connected to the Internet for the purposes of communication, data collection, analysis, and forecasting, can be defined as the Internet of Things (IoT). To do so, every device is provided with an identity. This can be:

• a numerical label, known as an Internet Protocol (IP) address,
• a Media Access Control (MAC),
• Radio-Frequency Identification (RFID).

According to Bernard Marr, 87% of the global population has never heard about the term Internet of Things. Furthermore, Marr states that in 2015 more than 4 billion smartphones were delivered to consumers. It is expected that in the next 5 years, this number will increase to 6.1 billion smartphones users. The worldwide marketplace for interconnected devices has grown by 223% in the last year. This increase was largely due to the 4.4 million Fitbit devices, and 3.6 million Apple Watches sold in that period.

We can all agree that the technological evolution of the Internet of Things is an endlessly developing process.

Cyber Risk Security

Cyber refers to the virtual reality, where cyberspace is the environment in which virtual networks work together to store, alter and transfer data.

When referring to those threats that are most common we’re talking about malware, phishing, SQL injection attack, credential reuse, and hijacked attacks.

Where there is a weakness, a cyber criminal will try to exploit it. His malicious intent is to gain unauthorised access to networks, through an attack, in order to steal payment card details, personal data, or organisational secrets. Large organisations are often the targets of hackers who force them to pay ransoms for not disclosing their data or to unlock their hijacked systems.

No standalone establishment can protect against the risk on its own. It is imperative that we work together to understand the challenges we face.

Edge of Network Security Forum

A very interesting and reliable solution was presented at the “Edge of Network Security Forum” in the section entitled “The Machine Fights Back: AI and the Future of Cyber Defence”.  Andrew Tsonchev, Cyber Security Specialist, introduced us to Darktrace, and no, this is not a follow-up movie to the Terminator franchise! It is instead a plug and play software solution that is able to learn your entire network. After that, Darktrace will monitor all data in real time. The software itself will give the organisation the means to identify and expose any visible cyber risks in the network and empower them to fire up a defence, countering the ongoing cyber-attacks.

Another positive mention is that Lord Evans of Weardale, Former Director General, MI5 is one of the Darktrace Advisory Board. His excellencies very well note, “we are undoubtedly living in a new era of constantly-evolving threats, which force us to re-think our defence plan. The old idea of being able to protect your data behind a wall, and block all ‘bad’ influences, is over. Businesses are global, networks are expanding, people, by nature, are unpredictable.”

Michael Goedeker, CEO, and Founder of HakDefNet discussed Cyber Risk Security Intelligence. His knowledge in the field with over 19 years of experience offers him the opportunity to train and consult the top companies in the world. HakDefNet will offer CyberNsight service – a risk intelligence platform engine. This will use real research of the network and develop advanced analyses to overcome any breaches in the system. Stolen data will be traced and users will become more aware of the threats they expose themselves to.

How many are considering the layout of a building when designing the scope of their business core? Or utility of a control room?

As very well pointed by Chris Aldous, Director, Security Design Ltd., their clients approach them after fencing risk, breaches and threats into their building or residential areas because of a bad design. And redesigning the physical Security countermeasure for a better infrastructure is an arduous path and very expensive. Their expert team can offer an impartial advice consultancy to diminish risks and strengthen proprieties.

So always consider requesting advice from:

• DOCO -Design Out Crime Officer,
• CPDA – Crime Prevention Design Advisor,
• CTSA – Counter Terrorism Security Adviser,
• Installers.

Keep in mind that police advisers (DOCO/CTSA) are not liable for their advice.

The Edge Between Physical Security and Technological Security

It may seem a boring subject, and we can all live without knowing it but when things go wrong what are you going to do?

What are you going to do when your daughter asks Amazon’s Alexa for dollhouse and cookies and ends up with a delivery purchase that you’re not aware of and did not consent to? What if, by mistake, your child ends up watching a porn channel or could order drugs or ammunition and get a visit from the counter-terrorism unit at your door?

Remember the virus Wannacry that infected over 230,000 computers in 150 countries and demanded a ransom payment in bitcoin? The estimated damage value of WannaCry was at $1 billion. A similar type of ransomware can infect your network as well.

Cyber risk security is becoming more common due to the advanced technology which daily continues to improve our already comfortable lives.

How many of the general public considered that iKettle can be easily hacked to take over your WiFi Network as pointed out by Mark Harrison from PenTest Partners?

Now consider that you’re working as a Close Protection Operative. Let’s say you’re getting out of the vehicle and preparing to open the principal’s door to escort him out. Suddenly, all doors lock down and the vehicle drives off with the principal inside. What will happen then?

Conclusion

Cyber risk security is everywhere, every day and where you least expect it. That doesn’t mean we can’t rely on technology anymore, nor that we can dispose of it. However, it should trigger a signal of awareness that leads to a change in behaviour where we currently lack, in order to tackle any breaches.

Every organisation should consider training their staff in cyber risk security. Most small-medium size businesses don’t consider themselves to be a target. Too small to raise attention, but in fact, they are more vulnerable for the same reason. Not to consider adequate training for employees is a detrimental attitude. And those who actually do it, don’t tend to follow it up with further updates on cyber risks security.

Other organisations claim to lack the time, but this reason will cost them in a ransomware scenario. Just one open attachment could infect the entire network and damage, delete or lock down encrypted files. So, could it be worth training staff for just a few hours per month to be more aware of this cyber risk scourge?

Before regretting that you didn’t realise the value of something until you lost it, now is time to act. The private sector should join hands and work together with cyber risk security specialist to put into practice viable solutions. The ultimate goal is to pro-actively defend against any threats either physical or technological.

by Alexandru Zamfir, CEO of Shield Ltd

View the original and full article at shield-ltd.co.uk