7Safe Opinion - Tell us what you think!
When it comes to cyber security challenges for next generation systems, Nikoo Fullerton asks: should we wait to assess the facts, or act now?
I remember when I purchased the first iPhone. I jailbroke it (by the way, I’m no hacker I just know how to use Google) and my first thought was AWESOME! My second thought was ‘how has a small community of fans created software for such a new device??’ I mean, I had the Nintendo NES emulator on there with every game I could get my hands on, my home screen had a fireworks animation going off in the background. It was brilliant. My third thought was, given enough time, if this iPhone thing takes off what could Apple truly achieve??? Well 10 years later now we know… it changed everything!
From the iPhone to IoT, Connectivity is creating a new world of possibilities, and security challenges
Now at this stage you’re probably thinking ‘Is this guy here just to show his love for the Apple cult?’ Well no! Now we are in a post iPhone world where IoT has exploded, where you can control your car from the palm of your hands, entry to your home, kettle, fridge … I could go on and on, the question is, should we? At what point should we say ‘wait a second… if this company’s servers or app gets compromised will I be able to get in my house?’ Because who needs a key when you have a smart home that knows to let you in when you’re at the front door?
One of my colleagues at PA Consulting, and the company’s lead on all things IoT, Professor David Alexander, was explaining to me, as great as convenient these technologies are, how secure is it? The problem is that we as consumers and the public don’t know. We can’t just pick up a “smart” device, look on the back and see “This device is ISO/IEC 27034 assured”! There are no assurances and most people who aren’t in the industry don’t necessarily know what ISO is, but it’s something! I think ‘connected’ devices and the sharing of data are so deeply entrenched into our daily lives that people are starting to see cyber-attacks as the norm. This is worrying, because the problem will only get worse if it isn’t addressed.
Autonomous vehicles: game changing connected technology … but will the hackers win the game?
Take autonomous vehicles for example, they are here! BMW, Audi and Tesla to name a few have products that can do exactly this but can’t turn it on because legislation is still catching up. Authorities have not said ‘go ahead car makers, turn it on’, even though it would probably be safer than humans in some situations (slightly controversial, I know). What will happen if a hacker takes over whilst you’re driving? I’d love to sit in my car and let it chauffeur me around like Knight Rider, but unless all cars on the road are automated, I don’t think this can work unless a ‘KITT like’ AI is really in control, then this becomes a whole different conversation.
From a professional point of view during my short time in Cyber, there are still many organisations that run an open Wi-Fi policy by letting staff connect whatever devices they want to the network. Again is this a good idea? Should devices lead policy or should policy lead devices? I know which one I’d pick!
Future-proofing cyber developments: finding answers to security questions before the hackers do
I’ve raised many questions here, and personally I think that’s because there are still many unknowns. The best thing we can do to protect ourselves is to share knowledge, hire talented and experienced security advisors to make your organisation as resilient as possible, and pen test your products and systems; 7Safe and PA Consulting are experts in doing just that. If as an organisation you’re unsure how to better plan for a future of unknowns, get in touch and let’s find the answers together.
There is a quote that is used many times in Frank Herbert’s Dune,“Beware of dependencies”.
# # #
Learn more about Cyber Security Incident Response here:
How you respond to a cyber security incident determines the final outcome. 7Safe’s expert CSIR team can help your organisation to take the right steps before your organisation suffers a breach:
Cyber Security Incident Response (CSIR)
Need expert help now? Talk to our CSIR advisers in confidence on 01763 285 510
To develop your own knowledge around how CSIR works, consider taking our cyber Security security incident response training courses.