Interesting times for information security professionals
There is an old saying, which some attribute as an old Chinese proverb, that states “May you live in interesting times.” Some say that this is a blessing you may wish upon a friend, while others say it is actually a curse. Within the information security industry it is indeed true to say that we are living in interesting times.
There are the constant updates and changes to the technology being used both in our personal and business lives. The way we work and interact with others is constantly changing. It is now not unusual for companies to have employees working remotely, checking emails from home or the road on their smartphones and/or tablets.
Through the wonders of the Internet a business can be available and reach out to millions of potential new clients in other countries. We collaborate and share information with each other, partner companies, clients and vendors quicker and easier than ever before. The way business operates is changing too thanks to technology. Tasks that would traditionally took longer to do manually are now automated and done much quicker, information is processed and analysed faster allowing decisions to be made quicker, and money can be transferred to customer or suppliers bank accounts with the mere click of a mouse button.
What was science fiction a few decades ago is now science fact as technology such as smartphones allows us to communicate and collaborate with each other in ways that a few decades ago would be unheard of. We can bank and shop online, we can watch videos of events happening anywhere in the world almost as soon as it happens, and we can share our personal trials and tribulations with friends and relatives no matter where they are through social networks.
Our modern lives, economies and societies rely more and more on the digital realm than ever before. This ever increasing reliance on technology brings with it many new threats and also amplifies existing threats. These threats range from the atypical curious teenager attacking computer systems to see what damage they can do, to hacktivists looking to highlight their cause through digital mayhem, to criminals looking to pillage our digital wallets, bank accounts and data, and to state sponsored entities looking to steal national and industrial secrets.
Just as technology has enhanced and made our lives easier so too has technology better enabled these threat actors to impact our lives in a negative fashion. We also have to contend not only with the deliberate disruption of our computer systems by certain actors but also the accidental failure of core computing systems to impact on our lives.
The IT outage at the RBS banking group in the UK is a prime example of how interconnected our digital lives have become. The outage over a number of days impacted on individuals who could not gain access to their bank accounts, on companies who were unable to pay their staff and vendors and led to many business deals collapsing. The digital woes of one organization had major impact on the lives and businesses of countless others.
So the technical advances of these “interesting times” can also be viewed upon as a curse. Our constant battle against those who cause harm, either deliberately or accidentally, to our systems, data, finances, economies and societies may seem endless. Indeed there are some who will say that at times this may be a hopeless task.
The life on an information security professional can be indeed be seen as one lived “in interesting times”. However, I argue that it is up to us to decide whether these “interesting times” will be a blessing or a curse. If we constantly look at the negative aspects of technology then it is inevitable that we will view it as a curse. If all we can see is threats and not opportunities then we will constantly be fighting a losing battle.
We need to focus on the benefits that technology can bring to our lives, both our personal and business lives. Instead of looking at how to prevent technology or access to that technology, we need to look at how to safely engage with it so that in our business and professional lives we can fully embrace the benefits that technology brings.
To make living and working “in interesting times” a blessing we as information security professionals need to engage better with those around us so we understand their needs and develop secure solutions to help them meet those needs. We need to be more proactive in how we approach people and organizations in order for them to buy into security initiatives.
I often cite the mantra that security should be viewed like brakes are on a car. The immediate reaction when you think of brakes is that they are there to stop the car. But if we look at it in a different light, without brakes on a car we could never travel fast or turn corners. So brakes are there to help the car get to its destination quickly and safely. Likewise we need to think of security as not a way to stop people or businesses from doing certain activities but to enable them to do them in a safe and secure manner.
So shall we regret living “in interesting times”? I certainly hope we don’t. Only time will tell but through this column lets work together to reap the blessings those “interesting times” bring.
Brian Honan is an independent security consultant based in Dublin, Ireland, and is the founder and head of IRISSCERT, Ireland’s first CERT. He is a Special Advisor to the Europol Cybercrime Centre, an adjunct lecturer on Information Security in University College Dublin, and he sits on the Technical Advisory Board for a number of innovative information security companies. He has addressed a number of major conferences, he wrote the book ISO 27001 in a Windows Environment and co-author of The Cloud Security Rules. He regularly contributes to a number of industry recognized publications and serves as the European Editor for the SANS Institute’s weekly SANS NewsBites.