Why does everything always get worse before it gets better?
By Tommy Kolega, CIO of Viadex, the global IT infrastructure and deployment specialists.
Turn it off, turn it on again
The world of IT, if not the world of business too, has something of a buzz about it as 2018 gathers pace. Pundits have for so long imagined the future according to the Internet of Things (IoT), and the 4th Industrial Revolution. Now we appear to be there.
The implications for IT are extensive. No organisation is immune to the changes upon us; few would want to be. The opportunities for greater efficiencies, reduced risk and lower costs are extensive but they all come with a giant caveat: the cyber-criminal world benefits from getting smarter, leveraging improved technology, and understanding the value of data just as much as the rest of us do.
In telecoms, the 5G standard is nascent and will be a critical enabler in smart cities, cars, buildings, healthcare, public services, entertainment and basically every walk of life. Organisations don’t just have more access to more data coming in from these diverse strands of technology advancement, they are becoming truly adept at how to derive value from the data; it’s Big in every dimension – not just the classic three ‘V’s of volume, velocity, and variety – but in how it can elevate our abilities to plan the future, and bring it on faster.
Data also means something different now to hackers. Many are state-sponsored and highly resourced. Their motivations are not fundamentally financial gain. They are interested in causing harm to organisations because of what they stand for. They look to wreak havoc on governments against whom they feel they have a fundamental and justifiable grudge. Many see the west as their enemy and want to cause it harm.
As infrastructures come to depend more on the interactions between sensors and machines (the IoT), the real possibility emerges for hackers to close down cities and disable governments simply by accessing the critical systems passing messages between machines.
Although not an IoT occurrence, last year we saw how malicious parties were able to bring 81 NHS organisations in England to a state of total chaos through a WannaCry ransomware attack. With the rapid evolution of IoT, hackers can potentially hold entire countries to ransom. They will soon be able to turn them off and only turn them on again if their demands are met; and possibly not even then.
The next big thing
I recently posted a blog looking at technology trends for the year ahead. The ‘Security of Everything’ was one of my top ten topics. I said: “Ransomware is only the beginning for the new type of issues that will plague organisations and the many angles and attack vectors these issues will present to organisations and consumers directly. As the security challenge intensifies, it’s likely that solutions will get easier through Machine Learning and AI.”
No sooner had I put the blog up than I came across an article on Quantum Computing, by Satya Nadella, CEO of Microsoft, in which he underscores the critical role it will play in creating “…all of these rich experiences we talk about, all of this artificial intelligence”. An inspiring view on things getting better, I thought. The same article would have been devoured by hackers; a ‘Eureka’ moment where they discover yet another way to look for, exploit, and profit from – again, not necessarily financially – the great swirling around of data.
While many organisations are confident that they have effectively built unassailable walls around their systems, protecting their activities in the cloud, their datacentres, their users and endpoints, and critically their information assets, they often fail to address weak links they may not have thought possible.
Are you ready?
No sooner had I found encouraging words in Nadella’s expectations of the transformations possible through Quantum Computing (still, it must be said, in its early development stages, but we all know how rapidly innovation becomes mainstream in the world of technology) than I read Will Hurd’s view that Quantum Computing is the next big security risk: “The impact of quantum on our national defence will be tremendous. The question is whether the United States and its allies will be ready.”
Will Hurd is a US politician heavily involved in government cyber-strategies. Here’s the alarm bell that reinforces my own view:
“Because nations around the world, including China, are investing heavily in research and development, the world is likely less than a decade away from the day when a nation-state could use quantum computers to render many of today’s most sophisticated encryption systems useless.” I would recommend that anyone with any involvement in cyber-security reads Will Hurd’s article.
It would appear that things are destined to get worse even as we hurtle into a world of IoTs and 4th industrial revolutions, smarter commerce and healthcare, easier home lives, smarter cities and generally elevated efficiencies across the worlds of commerce and industry. If organisations are not prepared for the worse, they may well not benefit from the better. So, what’s to be done?
The other IoT is everyone’s concern
I’d suggest that the other IoT is the Internet of Threat. Like the weather, it is everywhere. It sounds self-evident, but every organisation needs a holistic approach to security. While your systems may be protected, and your firewalls in place, there is no substitute for constant vigilance.
This is not just about having a security operations centre working on your behalf, monitoring incidents and resolving issues as they arise; it’s also about users being aware that their own actions can compromise the organisation’s data. With the proliferation of mobile devices, the perimeter around an organisation has become amorphous. Some users are conscious of their actions, many are not. The opening of an innocent-looking email can open the doors to a flood of bad impacts.
In the middle of last year, UK MPs’ emails were hacked. After the event, all manner of poor practices were blamed, not least the use of weak passwords and the failure to undertake simple and regular system updates:
“Amid fears that the breach could lead to blackmail attempts, officials were forced to lock MPs out of their own email accounts as they scrambled to minimise the damage from the incident. The network affected is used by every MP including Theresa May, the prime minister, and her cabinet ministers for dealing with constituents. The British security services believe that responsibility for the attack is more likely to lie with another state rather than a small group of individual hackers. The number of states who might mount such an attack on the UK is limited, and, in addition to Russia, includes North Korea, China and Iran.”
Threats come not just from powerful malicious players but also as incipient risks of new computing models, discovered with each major leap forward. I believe the only way to gain peace of mind, as you continue to gain new efficiencies to drive the competitive advantage, is to adopt security approaches that look beyond the present and be aware of the entire attack continuum; the configuration of your systems and network from the core to the outer perimeter.
Our approach at Viadex is to consider people, processes and technology, to provide a road map to mitigate risk and realistically address overall security requirements. Viadex Security Services has strategic partnerships with leading security technology vendors, together with the expertise and experience required to implement, manage and monitor these solutions.
It may look as if it’s all getting worse before it gets better but the good thing is, with a holistic and forward-looking security strategy across the organisation…things can only get better.
What do you think? Are you confident that you have every base covered? Does your entire organisation subscribe to the critical importance of cyber-security? If you want to chat about these issues, please just get in touch with me via email – Tommy.Kolega@viadex.com