Cyber security: it's all our business

Cyber security. Let’s be clear on one thing - everything and everyone is a potential target. Your computers, phones and tablets which you access every day are just the beginning. Our lives are governed by technology, in ways we often don’t think about. From implanted pacemakers and the operating system of your motorbike all the way up to railway control systems and nuclear power plants. All of this is vulnerable. Attacks can be carried out through a myriad of ways - through software deficiencies, Operating System vulnerability and network protocol holes. Yet even if these terms mean nothing to you we’re all vulnerable to social engineering and phishing, and here it is the humble email that is the main chink in our armour.

In August of this year the Australian Federal government released its Cyber Security Strategy. Spanning the next decade and worth 1.67 billion, the government is taking the threat seriously. In the forward to the plan, Peter Dutton, the Minister for Home Affairs, writes:

Cyber criminals are ... doing great harm, infiltrating systems from anywhere in the world, stealing money, identities and data from unsuspecting Australians. They are taking advantage of COVID-19 to target families and businesses, including health and medical research facilities. And they are hiding on the dark web to traffic drugs and other illicit goods, and share abhorrent images of child abuse. Our response must be bold to meet this threat head on.

The federal government is concerned, clearly, and is putting in the cash. Yet, despite the growing risk, the world’s largest nonprofit association of certified cybersecurity professionals ((ISC)² ^[2] announced the findings in 2018 that there is a global shortage in the cybersecurity workforce. At the moment, demand for skilled workers in the field far outstrips supply. In Dec. 2019, Australian Cyber Security Growth Network stated “Cyber security continues to be one of the most rapidly expanding sectors worldwide. Global spending on cyber security products and services is projected to increase by 88 per cent over the next eight years, from around US$145 billion today to almost US$270 billion in 2026”, and “In 2018, Australia’s external spending on cyber security products and services grew by eight per cent to A$3.9 billion (compared to six per cent growth in 2017)”.

Despite it being a growth area not everyone wants to work in cybersecurity. But even if you have no intention of becoming an expert, a healthy understanding of the field is important if you intend to protect your business and yourself.

Cyber security covers security assurance including data security, software security, hardware, system and network connections, human, societal and organisational security. It requires broad knowledge and skills in operating systems, programming languages, computer system architectures, TCP/IP networking, cryptography, information security management, risk management and behavioural psychology. Of course, many cyber security professionals have a background in IT, particularly if they work in cryptography and software security. However, a tech background isn’t the only prerequisite.

“If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology” writes Bruce Schneier ^[1]. In order to protect cyber space, we cannot just count on technology. Policy and people are the other two important aspects that must augment the technology. In this way, cyber security can draw upon experts from diverse fields such as business management, psychology and public policy and analysis. As Schneier explains,

The problem is that almost no policymakers are discussing this policy issue from a technologically informed perspective, and very few technologists truly understand the policy contours of the debate. The result is both sides consistently talking past each other, and policy proposals — ­that occasionally become law­ — that are technological disasters.

But as policy makers and our leaders grapple with cyber security, what can each of us do to protect ourselves online? There's no shortage of quick tips and guides that you can find in a simple internet search to provide tools to help build your cyber security awareness, but if you take one thing away from this article it's this. Cyber Security continues to pose an increasing threat to us as individuals, our organisations, our infrastructure and almost everything we interact with each day, and whilst the government is investing big, we as individuals can play our part too. In the end, perhaps, this is the most salient point. Cyber security is all of our business, not just the tech heads.

References:

[1] Bruce Schneier, Secrets & Lies

[2] (ISC)2 Cybersecurity Workforce Study Clearwater, FL, October 17, 2018

[3] Australian Cyber Security Growth Network, https://www.austcyber.com/news-events/measuring-cyber-innovation-crucial-growth-australian-cyber-security-sector-revenue

https://www.csoonline.com/article/3295877/what-is-malware-viruses-worms-trojans-and-beyond.html

https://www.schneier.com/blog/archives/2019/03/cybersecurity_f_1.html

Dr Hui Tian is currently a Senior Lecturer, the Discipline Head and Program Director of Computer Science, within the School of Information and Communication Technology, Griffith University. Her main research interests include wireless communications and networking, network routing, network tomography and data privacy protection. She has worked closely with several companies/institutes and engaged in privacy protection and IoT projects. She has taught a wide range of subjects, including Telecommunications, Programming, Fundamentals of Cyber Security, and Digital Forensics.