The Week In Review : 19th August

NCSC_WIR_Logo_19082016How many times can you recall that in your own life technology has been ‘blamed’ for something? Often I have heard how people didn’t receive an email, lost a document, or missed a meeting as it had been deleted from their calendar.

I’ll admit that technology now and again in its early days, its nursery days, may have been a bit wobbly on its feet, but right here right now midway through the second decade of the twenty first century it’s pretty robust.

Sadly, though its wobbly reputation lives on and when that is coupled with the ever invisible menace of cyber security you get a healthy combination of challenges. We are all watching with bewilderment the unfolding of the USA election, which has generated more than its fair share of column inches, but there is now a concern that the forthcoming selection of the most powerful person in the world might be interfered with by cyber criminals.

The news organisation CNBC detailed how a majority of cyber security professionals think cybercriminals are interfering in the U.S. election, and agree with the 2016 Republican Party platform endorsing strike-backs against hackers. They reference a study done by cyber security company Tripwire whose findings included “Two-thirds of respondents said cybercriminals were influencing the outcome of the upcoming election and the vast majority of respondents — 82 percent, of the 220 security professionals interviewed — believed that state-sponsored attacks around elections should be considered acts of cyberwar”

Is this a real threat? Is this a theoretical threat? or is this laying the ground work that should an election result be nail bitingly close that somehow technology, and its use thereof, can be ‘blamed’ for its outcome?

CBR Online published a long form article this week, titled “AI is to cyber security, as the Terminator is to John Connor”. Despite the authors reluctant admission on using Terminator references, these sort of ‘real world’ examples are highly useful when explaining complex ideas to a wider audience. From what I read AI does appear to be the long term solution to mitigating the ever changing and increasingly complex cyber-attacks as us humans just suffer from information overload when dealing with such vast amounts of data.

The article explains how “One of the key advantages of AI solutions is the ability to establish behavioural patterns, otherwise known as “profiles”, from largely unlabeled and unstructured data. These patterns provide additional insights to our security experts, and are also utilised as additional inputs to further machine learning processes”. Their conclusion is of course not that AI will rise up and take over, but how AI will be a valuable resource, a co-worker, leading to how humans and AI can become the ultimate team – just like the Terminator and John Connor.

If you are faced with cyber security challenges now and you can’t wait for the AI revolution, maybe all you need is a little common sense to attack the issue. This is exactly what Forbes suggested in their article “How To Implement A Common-Sense Approach To Corporate Cybersecurity”.

Their first suggestion is ‘Knowing What And Where to Protect’, the simplicity of this statement undersells its insight. All companies and organisations can with relative ease identify their most precious digital assets – finance, intellectual property, HR records, customer lists, supplier contracts – in fact a 10-minute brainstorm session with a senior management team and you would easily have that list. Then you can decide how to start protecting it. Common sense indeed!

Another common sense point they make is ‘Performing A Holistic Risk Assessment’, by this they mean adding cyber risks to the standard risk register that many companies already keep. Then they can be assessed in parallel with existing risks and assigned priority based on probability of attack and potential impact, as well as a mitigation plan and a responsible party. This is a process that already is undertaken and something that I have had personal experience with, so it makes sense, yes common sense, to approach cyber security not as a separate entity but as an addition to other threats that may affect business continuity.

So what will win in these political battles? Will cyber criminals beat the politicians? Will common sense win out over more complex mitigation strategies? If only the AI was around now to tell us!

For links to all these stories and more, or to contribute with some comments join us by searching for the National Cyber Skills Centre on our social channels of FaceBook, LinkedIn and Twitter, or just click the relevant links from our website.

Share: Share on FacebookTweet about this on TwitterShare on Google+Share on LinkedInPin on PinterestEmail this to someone