We have all known for a while that the mainstream news agenda leans heavily towards the negative. Bad news sells papers. Tragedy, trauma, suffering they all grab the attention. When reading about cyber security day in day out the vast majority of stories are negative.
This week, Asda has been outed at having shortfalls on its website that under certain circumstances left customers data unprotected and we have also seen a distributed denial of service (DDoS) attack on the Irish lottery. I’m rarely a betting man, yet it’s a pretty sure thing that next week more companies and stories will surface on the flaws in cyber security for some major brand.
What gets little press is those companies that have taken up the mantle and started to sort out their issues. This sentiment was subtlety referenced by The Scotsman this week as they explained how despite all the challenges and issues that strong cyber security can be a business differentiator. So many of the cyber related events I attend, I was at one this week, the positives of strong cyber security are discussed. Customers are more willing to trade with a company or trust an organisation that states it has meet certain standards with their cyber security. The Cyber Essentials scheme, although not mandatory, provides this opportunity for businesses, yet so many companies are not taking advantage of it. You would would think that saying ‘my business is more secure that my competitors – look here is the badge we have to prove it’ would be a compelling message, however as was pointed out in a cyber debate this week, perhaps ‘shouting about’ your good cyber security is the equivalent of putting up a big target on your company and asking hackers to ‘have a go’ at you – seems like even the positive news about cyber security is still potentially negative.
Technology Startups are usually out to change the world in one form or another with a revolutionary app, device or concept. Understandably many of them are focused on the functionality, as opposed to security. Yet security is starting to sell, so they can benefit as well as the larger companies by building in strong security from the onset. The website Tech In Asia, discussed this week how hackers found flaws in popular apps, including Indonesia’s on-demand motorcycle app Go-Jek. The story stated that “the bugs could allow anyone with the right knowledge and a simple web browser to infiltrate the company’s system, and change around all sorts of things like email addresses, phone numbers, user names, and even the virtual credit of drivers and partnering vendors”. This sort of publicity, this reputational damage can be crippling drying up a startups revenue stream almost overnight.
We all know that in the world of app stores, Apple has put up many walls of verification, thus all apps have to be approved by them before they are released to the users. Wouldn’t it be nice if during that approval process Apple checked the submitted apps for security? Perhaps they are doing this, I don’t know, but an app was given a rating, by Apple, for security that might be more useful than a rating (by users) on functionality. The world will slowly catch on that security sells, consumers want to be kept safe.
Continuing concerns over online safety has prompted the Home Office to issue plans on getting volunteers to assist the Police on investigating cybercrime. Is this any different to the 16,000 volunteer police officers? Or is this an admission that the Police simply do not have, and cannot be provided with the necessary resources of skills and technology to fight this escalating threat? The BBC reported that Home Secretary Theresa Maya stated that “said people with IT or accountancy skills were in “particular demand”, and could “work alongside police officers to investigate cyber or financial crime, and help officers and staff fight crime more widely”. Politicians are arguing the relative merits of this announcement, but using volunteers across many public sector organisations has proven worthwhile. The Army, provision of health care, charities, all rely on volunteers to do what could be deemed essential services, why not treat cyber crime in the same way? Is this a positive step, or a negative admission? I’ll leave you to decide.
For links to all these stories and more, or to contribute with some comments join us by searching for the National Cyber Skills Centre on our social channels of Facebook, LinkedIn and Twitter, or just click the relevant links from our website.