Back in the day, when I was a young Computer Science student the media sold visions of us computer geeks to be very much like the cool kids in Hackers, this is what we aspired to be. I like most of my friends at university, knew enough about how to bypass most system security, but perhaps we weren’t quite socially inadequate enough to be good programmers and actually do any damage.
Given my frequent rants on government policy on business growth and transport providers, it probably isn’t a bad thing that I didn’t acquire those skills. Rather than the cool kids in Hackers, I could easily start a Die Hard 4.0 fire-sale when met with the constant failure of Northern Rail to do anything right.
As much as us IT people were glamorised in the mid-late 90’s, a few of us grew up, a few of us changed careers and a few of us are still trying to grow up but that doesn’t mean the youth of today aren’t doing the same things we did – with an increasingly more connected world, better and cheaper technology and the ability to do much more damage than run an .exe file that your system admin isn’t keen on you running…
The UK Government even has a Cyber Security page, the fact they call it ‘cyber’ perhaps already means that their strategy is over 15 years later than it should have been! However, this shows the relative importance the current government is placing upon information security.
I don’t know whether it comes into the minds of other IT Professionals or even Company Directors, but it is certainly a thought that passes my mind quite frequently. What would I have done with the technology I have now, back in my youth when I had oodles of time not spent on anything in particular. Unlike setting fireworks off in the school drainpipes or throwing eggs at passers-by, today’s kids have the potential and access to bigger and better pranks.
The sad thing is, unlike minor legal infractions that a bobby on the beat would have once resolved on the spot with a shouting at or even taking names down, in the case of cyber security, if the kid is caught– the penalties instantly become much more severe. Personally, I believe that authorities are far from geared in dealing with this type of crime and there isn’t really, despite the ‘cyber security’ strategy an impetus to get this expertise in the right places.
Indeed, anyone who even touches ‘cyber security’ is probably going to be the one ridiculed in the office and jokes about the film Hackers will come back. Indeed most of the measures most businesses need to do to prevent many problems are relatively simple and need to be trained and understood to all people in the businesses.
- First of all, I think we should ditch the term ‘cyber security’ for no other reason than it makes me cringe!
- Let’s call it information security, because that’s what ultimately we are looking to protect.
- All employees should be taught about password strengths and why it’s necessary to change them regularly.
- Most employees should be made aware of the basics – security of web pages, not downloading ‘mobile code’ active-x and java to us IT people.
- The company directors should also be aware of what a firewall is, what firewall rules do and have some basic understanding of ports and why they should only be open for the services actually required.
It really is the responsibility of company directors to know enough about their systems in order to ensure that adequate controls are in place. It is ironic that the biggest driver that pushes sales of information security management systems, training, software and hardware is not a desire to protect information proactively in order to minimise the potential damage to a business – but in most cases after a breach has already happened.
Unleashed IT are here to help company directors and IT managers alike with issues such as *cringe* ‘cyber security’ we develop bespoke training, consultancy and implementation programmes around this and many other IT issues. Hack the Planet!