I regularly have coffee at my son’s bar, and I overheard a conversation.
More a robust discussion.
A number of people in the digital security space of a government department were generalizing about digital security.
There was a certain individual there who had a very different outlook on cybersecurity. He said, “I know it all, and you know less than me”. At this I almost choked on my coffee.
In the digital security realm this is an exceedingly stupid thing to say.
He may know more than me or anyone else. I will be the first to admit that I don’t know it all, but knowing everything!
That is just crap!
If he is conveying this to the C-level executives and board members, then this department has serious problems. The digital criminal is quite happy to take people like him and make them a public spectacle.
I, for one, am amazed at the tactics, strategies and capabilities that the true cybercriminal brings to the game.
I am not talking about the wannabes, the script kiddies or the people who use automated systems to scan the digital world for vulnerabilities to target. The true hacker is someone who knows what they are doing.
These are the true masters of the craft.
In most cases, protecting against some of their full-blown attacks is damn near impossible.
What happened when Stuxnet and Duqu were released into the wild? The source code was changed into something else entirely. With different payloads and attack vectors, it became one of the true hacker's major weapons. There are many more like them.
To be a target of a true hacker you have to have something that they want.
It has to be worth their while.
If you have significant cash reserves, important trade secrets or a huge digital presence, then you are a target.
Most SMEs and not-for-profit organisations are not in that space, although they may be collateral damage in an attack on someone they work with who is.
People in the security area of any organisation have an understanding that the process of protection is always evolving. They also understand that the evolution requires the organisation's protection systems to morph into areas where it has never been considered. This happened recently with the adoption of cloud technology and will happen again with the introduction and take-up of the Internet of Things (IoT).
You have often heard me talk about “the game”.
The “game” is played by the professionals who are interested in making an organisation secure. Winning the “game” is going to bed with the knowledge that today was a good day. Tomorrow may not be! Playing the “game” is doing everything that there is to do, know and understand and applying it so that information within the organisation is safe.
The “game” is about accepting that there are other ways to compromise a system and that the defense of the organisation is a holistic process. There is no money or wealth-driven motive behind getting into cybersecurity; if there were, they would be making a handsome living on the dark side. This is something that the makers of software and applications forget.
This also applies to the makers of security components. We all know that there is no silver bullet that will fix all of the cybercrime problems.
But most vendors spout it like theirs is just that.
Do this and you will be secure; don’t worry about the USB in the carpark, the forgotten default password on the router, using unsecured Wi-Fi to access the bank account or the insecure access to your intranet. We won’t talk about that!
Digital protection is all about being holistic. There is always a place for technology, but will technology save your organisation? No. Putting the right management in place, making sure the organisation is adaptable or flexible, and then making sure that you comply with all of the regulations for your government and industry: that creates robust digital security.
We are not focused on the technical side of your business (although we are very good at that); we are focused on making your business reach its full potential.
Roger Smith is the CEO of R & I ICT Consulting Services, Amazon #1 selling author on Cybercrime, author of the Digital Security Toolbox and author of the SME Digital Security Framework. He is a Speaker, Author, Teacher and educator on cybercrime and how to protect yourself from the digital world.