Cyber Security Awareness Training a MUST for All

10 June 2016
 

Each and every security magazine or website I read further lowers my morale with regard to the risks associated with cyber crime. Every single employee or manager who sits before a computer should, nay must, now receive regular cyber security awareness training in order to inculcate a security culture across the organisation – in reality, not many do despite the fact that most breaches or attacks only succeed because of a human error.

According to recent statistics released by the Department for Culture, Media and Sport, over 66% of large businesses in the UK have been subjected to a cyber attack or IT security breach in the past 12 months – I fear that the figure in reality may be much higher.

Our company secrets and data are the most precious secrets we process. Loss of customer data fractures confidence, destroys corporate reputation and makes the armchair criminals’ life far easier. Like all security, protection of our IT systems needs a layered approach involving software, middleware, training and awareness, underpinned by procedures and processes to follow if an attack is underway. Just put Daesh and active shooters aside for one moment: the most likely threat to industry and commerce at this point in time is undoubtedly cyber crime.

 

Hackers' delight

And it is going to get much, much worse. Someone explained to me recently that if the current internet equates in size to a golf ball, then the future internet of things (IoT) will equate to the size of the moon. IoT describes a new era of technologies which will enable the connectivity of billions of machines, systems and devices to the current internet, uncontrolled by human minds. These will include sensors and detection systems, data storage devices and, of most concern, command and control networks. The hacker community must be rubbing their hands in delight. The number of potential targets available will increase exponentially and the possibilities for them to wreak havoc will expand by an order of magnitude. One-man geeks in dark attics, organised crime syndicates working across international boundaries and terrorist cells of all hues will receive a huge boost to their electronic malfeasance capabilities.

In this near-time future, however, it is the potential to attack infrastructure systems which causes the greatest concern.  Imagine the hacker who can infiltrate Gatwick air traffic control (ATC) and the chaos he can cause. Meet the 17 year old who likes to play with train sets – call the train set Network Rail’s signalling system and watch the disaster unfold. Greet the cyber terrorist who breaks into a chemical plant’s safety control mechanism and causes a deadly cloud of chlorine gas to be released over Bristol City Centre. For those who are old enough to remember ‘Doomwatch’, then Professor Quist will be good for at least 2 more series!

 

(IoT) x (ASI) = C2

These are not fanciful or overly dramatic forecasts – they will become reality in the short term and their effects can only be exacerbated by the advent of artificial intelligence where machines, not humans, will be making the decisions. There are 2 key points in time here. The first is the point of achievement of Artificial General Intelligence (AGI) where machines achieve human levels of intelligence. The second is the point of Artificial Super Intelligence (ASI) where human intelligence is exceeded by a machine. Add these together and we have a simple formula of (IoT) x (ASI) = C2.

There now needs to be what was called some years ago a ‘paradigm shift’ in resources, in policing, in sentencing and in attitudes towards protecting the IT systems upon which business, administration, infrastructure and civil order depend. Taking down a bank’s ‘hole in the wall’ cash dispensers will quickly lead to civil disorder if masses of people cannot get at their cash. Combine that with denying credit card payment technology and hunger will rapidly develop. We may believe our IT systems are robust – in effect they are at most fragile and in many cases brittle.

Chairmen, board directors and non-executive directors all now need to start asking their CEOs and IT directors some very serious questions about their present levels of protection and the plans and investment needed to defend their organisation’s jewels and treasure in the future hostile electron spectrum. If IT security is not a main board agenda item, then you have a serious problem which is about to become a whole lot worse.  

We are heading for Cyber Pearl Harbour with our eyes wide open!

C = chaos by the way.

 

About SERIFM

SERIFM is spearheaded by TWinFM in conjunction with TriTectus Strategic Resilience Limited. SERIFM aims to create more resilient organisations and assist the FM community to share threat data and exploit new technology. It is the intention of SERIFM to help enable this sharing. Security and Resilience In Facilities Management will provide the ideal platform to help create a highly informed customer, to demand the highest quality imagery from visual surveillance systems, to inform the supply chain of the need for resilience and to highlight new technologies, procedures and tactics as they are deployed and as experience is gained from their use. SERIFM is a not-for-profit group dedicated to leading the fight back against crime and strengthening resilience at a time of reduced national resources.

SERIFM’s inaugural conference will set the UK’s strategic resilience picture as seen through the eyes of the Metropolitan Police, the Cabinet Office, academia and the security services. The date and location are to be advised.

Article written by Jeff Little | Published 10 June 2016
