Cyber Security Awareness Training a MUST for All

• Content

10 June 2016 | Updated 01 January 1970

Each and every security magazine or website I read further lowers my morale with regard to the risks associated with cyber crime. Every single employee or manager who sits before a computer should, nay must, now receive regular cyber security awareness training in order to inculcate a security culture across the organisation – in reality, not many do despite the fact that most breaches or attacks only succeed because of a human error.

According to recent statistics released by the Department for Culture, Media and Sport, over 66% of large businesses in the UK have been subjected to a cyber attack or IT security breech in the past 12 months – I fear that the figure in reality maybe much higher.

Our company secrets and data are the most precious secrets we process. Loss of customer data fractures confidence, destroys corporate reputation and makes the armchair criminals’ life far easier. Like all security, protection of our IT systems needs a layered approach involving software, middleware, training and awareness underpinned by procedures and processes to follow if an attack is underway. Just put Daesh and active shooters aside for one moment, the most likely threat to industry and commerce at this point in time is undoubtedly cyber crime.

Hackers' delight

And it is going to get much, much worse. Someone explained to me recently that if the current internet equates in size to a golf ball, then the future internet of things (IoT) will equate to the size of the moon. IoT describes a new era of technologies which will enable the connectivity of billions of machines, systems and devices to the current internet, uncontrolled by human minds. These will include sensors and detection systems, data storage devices and of most concern, command and control networks. The hacker community must be rubbing their hands in delight. The number of potential targets available will increase exponentially and the possibilities for them to wreak havoc will expand by an order of magnitude. One-man geeks in dark attics, organised crime syndicates working across international boundaries and terrorist cells of all hues are will receive a huge boost to their electronic malfeasance capabilities.   

In this near-time future, however, it is the potential to attack infrastructure systems which causes the greatest concern.  Imagine the hacker who can infiltrate Gatwick air traffic control (ATC) and the chaos he can cause. Meet the 17 year old who likes to play with train sets – call the train set Network Rail’s signalling system and watch the disaster unfold. Greet the cyber terrorist who breaks into a chemical plant’s safety control mechanism and causes a deadly cloud of chlorine gas to be released over Bristol City Centre. For those who are old enough to remember ‘Doomwatch’, then Professor Quist will be good for at least 2 more series!

(IoT) x (ASI) = C²

These are not fanciful or overly dramatic forecasts – they will become reality in the short term and their effects can only be exacerbated by the advent of artificial intelligence where machines, not humans, will be making the decisions. There are 2 key points in time here. The first is the point of achievement of Artificial General Intelligence (AGI) where machines achieve human levels of intelligence. The second is the point of Artificial Super Intelligence (ASI) where human intelligence is exceeded by a machine. Add these together and we have a simple formula of (IoT) x (ASI) = C²

There now needs to be what was called some years ago a ‘paradigm shift’ in resources, in policing, in sentencing and in attitudes towards protecting the IT systems upon which business, administration, infrastructure and civil order depend. Taking down a bank’s ‘hole in the wall’ cash dispensers will quickly lead to civil disorder if masses of people cannot get at their cash. Combine that with denying credit card payment technology and hunger will rapidly develop. We may believe our IT systems are robust – in effect they are at most fragile and in many cases brittle.

Chairmen, board directors and non-executive directors all now need to start asking their CEOs and IT directors some very serious questions about their present levels of protection and the plans and investment needed to defend their organisation’s jewels and treasure in the future hostile electron spectrum. If IT security is not a main board agenda item, then you have a serious problem which is about to become a whole lot worse.  

We are heading for Cyber Pearl Harbour with our eyes wide open!

C = chaos by the way.

About SERIFM

SERIFM is spearheaded by TWinFM in conjunction with TriTectus Strategic Resilience Limited. SERIFM aims to create more resilient organisations and assist the FM community to share threat data and exploit new technology. It is the intention of SERIFM to help enable this sharing. Security and Resilience In Facilities Management will provide the ideal platform to help create a highly informed customer, to demand the highest quality imagery from visual surveillance systems, to inform the supply chain of the need for resilience and to highlight new technologies, procedures and tactics as they are deployed and as experience is gained from their use. SERIFM is a not-for-profit group dedicated to leading the fight back against crime and strengthening resilience at a time of reduced national resources.

SERIFM’S inaugural conference will set the UK’s strategic resilience picture as seen through the eyes of the Metropolitan Police, the Cabinet Office, academia and the security services. The date and location to be advised.

Article written by Jeff Little | Published 10 June 2016

Share

Related Articles