You know the routine : got my tickets, got my passport, got my foreign currency. All set to head to the airport for another business trip. Seasoned business travelers are now becoming prime targets at airports to be ‘digitally mugged’. According to a report by Kaspersky labs of 11,850 business people, the pressure of getting online to keep on top of work clouds individuals judgment when connecting up to the internet.
It suggests that our desire to get online as quickly as possible overrules any thoughts about connecting securely. We all know that using insecure Wi-Fi networks is risky, yet in this survey 44 percent of people will use one and transfer work emails with sensitive or confidential information. Worryingly 53 percent of those at fault are business leaders and 46 percent are mid level executives. These are the very people who should know better and be doing everything they can to protect their company’s data and intellectual property.
Password managers and VPN solutions are widely available for mobile devices and work incredibly well at securing the device and mitigating the risk. Why those who were surveyed are not using them, or perhaps haven’t been advised to use them beggars belief. If only they could see how insecure networks can be used by criminal to ‘sniff’ out usernames and passwords then they may change their digital behaviour.
There is no doubt about it cyber security is very much a game of cat and mouse; but who is the cat and who is the mouse? It seems that presently the criminals are in the dominant position, as pointed out The Telegraph this week. As they state, the idea that teenagers could overpower a major British corporation inflicting millions of pounds worth of damage came as a shock to members of the government, businesspeople and the public. This shock has caused the UK Government, and industry, to start heavily investing in cyber security strategies. Despite this investment, even the National Crime Agency admitted that the “accelerating pace” of criminal ability is outpacing the country’s defences.
This all may sound like doom and gloom, but they do highlight as we have done at the National Cyber Skills Centre, that bug bounty programmes, which allow ethical hackers who find holes in companies’ computer systems to report them and earn a reward, can assist greatly. In fact, they go as far as to quote Mikko Hypponen, the chief research officer at cybersecurity and privacy company F-Secure, who says “Every company should be running bounty programmes. And I don’t mean software companies, I mean every company. Because today every company is a software company.” – wise words indeed.
Yet another report on cyber security was released this week, from BT and KPMG. One of their findings, from surveying 100 C-suite personnel and directors, echoed a statement made by GCHQ earlier this year, that there needs to be greater collaboration between businesses on the cyber threats being faced. “Telecoms companies, ISPs, banks, credit card providers, insurers and the security industry in a concerted effort to make it harder and more costly for criminals to pursue their objectives”, the report stated, which is a fair assessment, however they did fall short of saying exactly how this collaboration may work in the real world.
The FT discussed how cyber security will soon be the work of machines. Would this be the solution for collaboration on threats? In their article they explain that computers are already used to detect vulnerabilities in networks, and to ferret out malicious software that can exploit chinks in security. Once a flaw is detected, though, the remedy requires human input — and it can take months for software engineers to effect a fix. This means the status quo favours cyber attackers over defenders. When we get to the point that computers can then apply the necessary ‘fix’ and we have ‘self healing’, which I know is in the works for many large scale IT providers, then we may start to turn the corner.
And when that day arrives, we can all fly off on business trips and almost forget about security; well forget about cyber security, as I’m sure we will still have to take our shoes off at the more traditional style airport security.
For links to all these stories and more, or to contribute with some comments join us by searching for the National Cyber Skills Centre on our social channels of FaceBook, LinkedIn and Twitter, or just click the relevant links from our website.