By Shola Ewuola
Cyber-Security is a broad and varied neck of the woods, and has taken me on an interesting and exciting journey over the years. Through my work with both governmental and private institutions, both in the UK, and on the African continent, I have seen many things – and BOY do I have some stories to tell (not that I would – client confidentiality and all that)!
But the fascinating thing is that no matter the country, the client or the cause – the same surprising things keep coming up, so I thought I’d take a minute to expand on this.
Cultures are so different around the world, and yet what is true is that they lay over universal truths and human nature – and needs that are common to us all… The most common cyber security mistakes I see highlight them all.
1. Someone else-ism
Cyber attacks happen each and every day – and yet EVERYONE thinks that it will only ever happen to someone else, never to them.
Everyone thinks that they’re invincible.
We all do – and social media backs it up with our selfies and our ‘Best life’ Hashtags.
Cyber attacks happen each and every day – and yet EVERYONE thinks that it will only ever happen to someone else, never to them.
But that could not be further from the truth.
I’m always struck at how vulnerable the average person is to being hacked, in so many simple ways, and how oblivious people are to their vulnerabilities.
But no one ever thinks it’ll happen to them.
So we continue to play Russian Roulette with our Cyber security.
Picking up Vishing Calls.
Walking around with our phones begging to be ‘BlueJacked’
With our passwords, begging to be cracked in milliseconds (or is it 123…)
Innocently downloading “virus laden” attachments from friends
Leaving personal documents un-shredded
And getting annoyed at the numerous reminders to update the antivirus on their PC’s and devices…
And then when we are hacked or attacked it dawns on them.
Cyber-Security isn’t just for big corporations or the head of Twitter… it’s for each and every one of us. The threats are real (even if you don’t have much in the bank) and it’s important we take really small precautions to keep ourselves safe in the online space.
Just in the same way we lock the door to our homes, we need to secure our phones (turn off your Bluetooth), our devices (make sure your anti-virus is up to date) and our mindsets (be wary of the ‘calls from your bank’) when it comes to keeping our cyber-selves safe!
2. The Weakest Link
I’ve planned, built, worked on and protected some huge and complex networks in my time.-
And whether for governments, or institutions, here in the West or in the emerging markets… the weakest link in the security equation is never what you think it is…
It’s not the design of network, or the soft or the hardware.
It’s the people.
As Stephanne Nappo, Global CISO at OVH has said: “Cyber-Security is much more than a matter of IT”
I’ve found that no matter how brilliantly and securely a network is designed or layers of defence-in-depth, if time is not invested in training and supporting the human element of the equation, then all that security and technology is useless.
If time is not invested in training and supporting the human element of the equation, then all that security and technology is useless.
“A chain is only as strong as it’s weakest link” is a powerful proverb in the world of security as it causes you to find and focus on your vulnerabilities.
But the mistake we often make is constantly focusing on the tech element – when we need to focus more on the human one.
In the world of ‘White hat’ or ‘Ethical’ hacking 2.0 – it will not just be introverted geeks at a PC saving the world with each keystroke – it’s absolutely going to take and need incredible communicators, with fabulous people skills:
That’ll help those we serve to understand the nature and severity of the threats they face.
That’ll help train those who use the networks we built to take the necessary precautions and in doing so elevate the effectiveness of the tech side, but upgrading the human side!
3. The Speed of the Dark Side
It’s not a matter of ‘if’ you may be attacked, but ‘when’ you will be…
Yes, just like Star Wars – “cyber-sphere” is very much about the light and the dark side…
And your mind will boggle if you see just how fast the dark side moves
Not sure it’s because the stakes are so high, or the huge reward potentials – but as soon as you find one loophole, 10 more pop up instead.
The game of cyber whack-a-mole is very much dominated by the dark side, and so it’s incredibly important that you don’t get complacent about what could happen.
We are talking state-sponsored cyber warfare and it’s not-too-distant cousin “cyber-crime”.
Misguided individuals with sophisticated ICT capabilities have upped the ante in maliciously intervening in electoral processes, carrying out distributed denial of service attacks, completely wiping out people’s life savings amidst other mindbogglingly callous acts.
It’s not a matter of if you may be attacked but ‘when’ (I hate to break it to you)
But it’s those with that mindset that are less likely to be victims of cyber-crime – because they take a diligent and proactive approach to keeping themselves safe.
So remember…the cyber domain is a world without borders and difficult to track.
Protect yourself and those you love by taking it seriously and recognising the importance of cyber-security measures to keep you safe.
What trends are you seeing over and over again? Use the comments below and let me know what surprising trends and themes keep coming up on your cyber-security journey.
–Ewuola, CEO of Golden Dust Concepts is a Network Security Specialist| Certified Field Ethical (White Hat) Hacker| Network Security Strategist. He wrote in from London
