Lessons Learned

lessonslearned_imageHave we learned our lessons from cyber security? Maybe not as well as we should have done.

“Why don’t you ever learn!”, would be a familiar phrase to me as a child as I could never resist the temptation to touch wet paint just to see if it was wet or not. Of course it was wet, but why didn’t I believe it? Every time I’d touch it I’d get a small dot of white gloss on my index finger and then feel bad that I continued to ignore warnings about it being wet.

I’d have to get a bit of paint thinners, turpentine or some other chemical that I really don’t think was doing my skin much good in order to remove this visible symbol of my continuing lack of judgment. Now many decades on have I learned my lesson? Yes, but only just. Even now the temptation to ignore wet paint warnings is very strong.

In another generations time we may collectively have learned our lesson, not in the touching of wet paint, but with cyber security. If you are working at the sharp end of IT it’s unlikely that you get a chance to look back at what has come before and learn from it. IT is mainly about the next upgrade, the next technology, improving speed and efficiency, it is not an industry that is known for much reflective consideration. Had we been more reflective and considered the wider implications of global connectivity and data sharing then the current wave of cybercrime may not have been as severe as it currently is.

Considering the current warnings about cyber security and the reactive plans that are being swiftly adopted to mitigate its effects can we all rest easy that lessons have been learned and we won’t put our collective fingers on the wet paint again? Hate to break it to you but we haven’t learned and are about to place all our fingers and our palms into the paint pot itself! We are slowly sleepwalking into an internet of things (IoT) future and not suitably addressing the security implications of adding billions more devices to the global internet.

Stories have made headlines about internet connected baby monitors being hacked by cyber criminals. How Wi-Fi kettles can expose network passwords and how connected cars can be stopped in their tracks by hackers from many miles away. This is just the start of it. The predicted growth in the IoT market runs not into billions of dollars but trillions! There is a race underway to take any device, domestic or industrial, and get it communicating.

If you want to extrapolate this connected world to its most frightening conclusion, one where security is very much playing second fiddle to functionality, then look no further than Hollywood. As we know popular culture in the form of films can take a story from the news and stretch it to its extremes but keeping it just on the right side of fantasy. They have just done this with the IoT in a film appropriate called ‘I.T.’ with the rather sinister tag line ‘your life is not secure’

I won’t spoil it for you, but in essence a business man with the top of the line fully connected ‘smart house’ has a bit of a falling out with his top tech advisor. Things then turn nasty.

Will this be the future we face? Let’s hope not but lessons must be learned why so many security flaws were left in products and services that we all rely on before we start wiring everything else we own up to this still relatively insecure communications medium.

The answer to the IoT conundrum is to simply do your homework. If you are wowed by the functionality of a product and believe it to be a ‘must have’ then before committing to purchase and installation, determine its security features. Google the product with the term ‘security flaws’ added to it and see what you discover. If at any point you are concerned that your personal data may be compromised then step away, it’s not worth the risk.

In the race to smother the world with IoT devices you do not have to be the early adopter, let the market settle, see who becomes the leader in smart, secure connected devices and then choose wisely. To date many people only have a handful of devices, that might be connected to a dozen or so services. All of which are potential security risks. With the IoT that will multiply tenfold, even at the most conservative estimates.

So don’t rush in. If the sign says that the paint is wet, then trust it and don’t touch!


On Thursday 6th October friends of the NCSC, the Malvern Festival Of Innovation, have an entire day of FREE events and presentations on the topic of Cyber Security & IoT.

The session will showcase cutting-edge developments from some of the UK’s fastest growing and most advanced cyber security SMEs alongside thought provoking insights from multinational experts in the field.

For more information and to book your place, follow this link.



Share: Share on FacebookTweet about this on TwitterShare on Google+Share on LinkedInPin on PinterestEmail this to someone