Surviving and thriving in the age of cyber insecurity

The pace of change in Information Security is racing along at breakneck speed. Gone are the good old days of a spy rendezvous on a deserted bridge; now we have nation state cyber-attacks. Attacks that may be targeted at other governments but often spill over into the business world, just as the NotPetya malware did in 2017.

A brief history of cyber crime took guests from the Digital Graffiti of the 1980s, where hacking was mostly done for mischief with no real monetisation, all the way to the data destruction and data denial of today. Pertinent questions were thrown out to the table. Should you pay ransomware? Will you get your data back if you do? If you do pay, could you be liable for prosecution if your payment is found to have financed organised crime or terrorism?

So, what should your Information Security priorities be? Look after the basics, was the straightforward answer. “Good Information Security hygiene should be the bedrock of what you’re trying to do.” The cyber hygiene list comprised the following:

• Getting patching right
• Network and privilege segregation
• Know your Perimeter Data Process
• Having enough security people to be effective
• Email security

Large nation state attacks are what grab our attention, but in reality, few of us are at risk of being the actual target of one (and if you are, there is very little that you can do about it). But by focussing on cyber hygiene and looking after the basics, you can minimise the impact of cyber attacks. Ultimately, the world is getting faster and more dangerous, but the answer is to remain calm, focus on getting the basics right and understand what you are spending your money on.

Communication and culture are vital components to how successfully a company operates. And with the wide variety of messaging apps available outside of regulated workplace email, social media is something every company needs to take into consideration. What messaging apps are used in your work environment? It’s interesting to consider why people might choose to use certain apps, and how they have been banned in certain highly regulated industries.

Another consideration for the future workplace is going to be Facebook Cryptocurrency, Mark Zuckerberg’s latest plan for Facebook to pay users for their attention. How will companies keep their employees focused on their jobs when the temptations of social media could earn them an income? Imagine this, “Mark Zuckerberg is going to give you a token reward for every single message, for every like, for every share, for every watch, for every video and for every photo that you upload.

Once people can make $1,000 a month, or $2,000 on Facebook, with their tokens, they don’t need a job. You have labour slipping away.”

With the advent of Artificial Intelligence and 5G, a business-wide data strategy is essential. For many companies, data is a source of revenue that is being missed. While GDPR has focused the mind on data protection, businesses also need to develop a strategy to take advantage of the potential value of the data they collect – especially as the advent of 5G will mean that more and more data will be generated. It’s therefore essential to have a 5G data plan, because you’re just going to keep making more and more data.

Back to the table

The talks ended with some thoughtful questions from the table, covering the topics of nation state interference and influence, and how to raise issues such as data strategy with company boards. As the event closed, guests were left with plenty to mull over in this brave new world.