Written by Steve Smith
We at Shackleton thoroughly enjoy a networking event. The opportunity to meet new people, catch up with old friends, sprinkled liberally with bacon rolls or sandwiches and some high quality presentations, sees us beat a path to any door.
Recently, we had all our boxes ticked by the good people at Abertay University and Dundee & Angus Chamber of Commerce, who presented us with the opportunity to hear more about the Abertay Cyber Security programme.
Abertay are the only University in the UK that offers a Masters programme in ethical hacking and it was this subject that they chose to present on and an eye opening presentation it was for a fair number of the attendees. We learned just how successful the Ethical Hacking Masters programme is, with graduates going on to work for the great and the good in both the public and private sectors. We were soon to be treated to a demonstration as to why these students are so highly sought after even during their final years at the University….
Two of the students then took the stage to demonstrate just how easy it is to clone websites, crack passwords, etc. We were given some basic quick wins around password policy – moving numbers from the end of the password to the middle, increasing the length by taking your present password and repeating it three times, etc. The only thing that could be heard during this, except the presenter’s voices, were the pennies dropping in the audience. Gasps of “how did they do that” mixed with “oh, I never thought of that, so easy” as everyone understood how open they were to malicious acts, yet how easy it was to mitigate against this.
Ah, mitigation, the go to word in the IT company dictionary. Here’s the thing about these times we live in. Throughout the Twentieth century, our shores lived under almost constant threat of war, whereas now, that physical threat isn’t there. The war we are fighting now is a cyber war and it’s not for land, it’s for data. Like any battle, you are only as strong as your weakest link, be that human error, malicious intent or just sheer damn bad luck. Your Antivirus software will do a job, but the second it finishes updating, it’s out of date. It’s also pretty pointless without a robust backup solution to allow you to continue to do business if the worst happens. Doing these, but deciding not to have a password policy in place is, again, not defending your business adequately. Security is not a product anymore, it’s a process.
In the two weeks since this event, we’ve been contacted by half a dozen companies looking for support in their fight against hackers. This event gave them the realisation that they needed to protect their business and their people from this threat and they couldn’t do it themselves. Businesses should outsource this kind of support naturally, but many feel they can “get by” on their own. Here at Shackleton, we use an accountant to do our accounts, we use an energy broker to advise us on our plans and consumption. We might be able to “get by” ourselves, but why bother when we can employ a specialist. We’ll need the office painted soon and there’s no way you’ll see me with a 5X coverall on and I sure as hell don’t service my own car either. Get a specialist to do a specialised piece of work. Always.
Whoever your IT support company is (and if you haven’t got one, get one!), speak to them and ask them what steps you need to take to mitigate against cyber-crime. Spending an hour or two on this now will soon be seen as the most cost effective hour or two you’ve spent all year.