As even the most mundane elements of our lives go through a process of digitisation, they become a potential feeding ground for ever-hungry cyber criminals. Matt Hancock, the Minister for the Cabinet Office, who was speaking at a cyber security event hosted by the Telegraph newspaper, said that chief executives need to take more responsibility for customer data, or else even people's “holiday snaps” will be hacked.
Are you worried that the blurry picture of you trying another local delicacy in a sun-drenched street market will be making the criminals salivate over how it will aid their illegal activities? Probably not, although photos have long been used as a currency to exploit individuals, so maybe I shouldn’t be so quick to dismiss it.
Actually, the Minister was just using photos as an example and was not being explicit that they are targets. It was more a call on companies who are the repositories for our digital memories and other services to recognise that they are not just providing a technical service, but also a service of trust. This trust is important to all consumers, regardless of whether it is placed in providers of online storage or those who are powering the nation's critical infrastructure. Should any of these providers suffer a cyber breach, which apparently a quarter of all UK companies did last year, then that trust is broken and their corporate good names could be shattered as their technical failings are splashed across the headlines.
That said, he also pointed out that computer security needs to become a basic life skill. As with many other services they rely on, consumers cannot totally relinquish responsibility for their own well-being, even if in this case it is digital well-being.
Our collective well-being is being questioned as we lead up to the referendum on Britain’s membership of the European Union. Irrespective of the outcome, UK companies who wish to trade in Europe will be subject to significant legislative change in respect of data protection and cyber security laws. The website TwoBirds.com has been publishing some highly useful guidance on what is changing.
As they point out, the General Data Protection Regulation (GDPR) will come into force across the European Union (EU) on 25th May 2018, less than two years from now.
Quoting from their website, “the GDPR’s many obligations will apply to organisations which are established in the EU or which process personal data of EU citizens in connection with the offer of goods or services, or the “monitoring” their behaviour within the EU (most likely including many on-line behavioural marketing activities). So the substantial fines which the GDPR will usher in could be imposed by data protection regulatory authorities across the EU upon a UK company which did not comply with the GDPR. In many cases fines equivalent to the greater of 4% of worldwide turnover or €20m can be imposed under the GDPR.”
For a long time, getting a senior management team or executive board to consider the implications of a cyber breach has been challenging. Explaining that within two years a breach could lead to such hefty fines will hopefully jump-start them into taking the necessary decisions to shore up their infrastructures.
A business that is of critical importance to us all, but largely goes unnoticed, is that of shipping and cargo handling. With all manner of goods entering or leaving our country through ports, and their stacks of shipping containers filled with billions of pounds' worth of potential bounty, they are as much a target for cyber-attack as any.
Onboard systems, from bridge systems to cargo handling and from propulsion to administrative and communication systems, are increasingly interconnected and networked, which means that they are subject to exploitable vulnerabilities.
The Global Trade website discussed this in its report on the draft guidelines on maritime cyber risk management released by the International Maritime Organisation, the UN agency responsible for measures to improve the safety and security of international shipping.
In short, it is based around a five-point approach: Identify, Protect, Detect, Respond, Recover. I applaud the publication of these guidelines and hope that other UN agencies, or industry bodies that oversee other such critical business networks, do something similar.
If you do ever find yourself on a ‘slow boat to China’, be that a cargo ship or something a little more luxurious, you will have some time to kill. If so, then an edge-of-your-seat thriller with a cyber security bent may be your reading material of choice. Sadly, many tech experts get frustrated when fictional writing gets the details wrong regarding cyber security. However, a recently published book, “The Florentine Deception” by Carey Nachenberg, is getting high praise from the security industry for its technical accuracy. The story is that of how a routine computer cleanup sets off an electrifying quest for an enigmatic and deadly treasure. Now that does sound good, and far more interesting than yours, or anybody else’s, holiday snaps, even if they have been hacked!
For links to all these stories and more, or to contribute with some comments, join us by searching for the National Cyber Skills Centre on our social channels of Facebook, LinkedIn and Twitter, or just click the relevant links from our website.