Paul Wallbank – Brilliant Communications

Tag: networks

  • Probing the weakest links of the banking system

    Probing the weakest links of the banking system

    The breach of the Bangladeshi banking network has been shocking on a number of levels, not least for the allegations the institutions were using second hand network equipment with no security precautions.

    Fortunately for the Bangladesh financial system the hackers could spell and so only got away with a fraction of what they could have.

    Now there are claims the SWIFT international funds transfer system may have been compromised by the breach, which shows the fragility of global networks and how they are only as strong as the weakest link.

    As the growth of the internet shows, it’s almost impossible to build a totally secure global communications network. As connected devices, intelligent systems and algorithms become integral parts of our lives, trusting information is going to become even more critical.

    The Bangladeshi bank hack was a lucky escape but it is an early warning about securing our networks.

    Update: It appears the hackers were successful in getting malware onto the network according to Reuters but, like their main efforts, were somewhat crude and easily detected. One wonders how many sophisticated bad actors have quietly exploited these weaknesses.

    Similar posts:

  • The Internet of Things runs ahead of standards

    The Internet of Things runs ahead of standards

    A week or so ago we reported why LogMeIn’s CEO, Bill Wagner, wasn’t interested in participating in the Internet of Things industry groups as they are too bureaucratic and slow in a fast moving sector.

    Last week I asked John Stewart, Cisco’s Chief Information Security Officer, about how the networking giant thinks about this attitude given Cisco is a key member of a number of IoT standards groups.

    Stewart’s view is nuanced, “the notion of open operability versus standards is where the world needs to be. We’ve been pushing this notion of open interoperablity knowing that standards might take longer but yet you don’t want to create these islands of operational capabilities that need to be stitched together in weird ways. That would add friction to the world.”

    “There’s not much room for non-interoperable systems as they would have to connect with something else,” Stewart added.

    In this, Cisco’s Stewart agrees with Ericsson’s Esmeralda Swartz who believes device diversity will beat vendor’s attempts to lock customers into their IoT platforms.

    While it may be true that industrial and smartcity technologies will be interoperable in order to work within complex systems, it’s highly likely many consumers devices will be locked into proprietary systems so vendors can monetize them.

    For consumers, users and citizens the questions of interoperability and standards are going to be a pressing question as connected devices become common and in some cases unavoidable.

     

    Similar posts:

    • No Related Posts
  • Reaping the security dividend

    Reaping the security dividend

    Boards and executives have finally got the message about security John Stewart, Chief Security and Trust Officer at Cisco.

    For most of the computer era security has been seen as an inhibiter to innovation and speed to market, but now with most businesses finding they face a three year time frame to transform in face of digital disruption Stewart says corporate managments now see security of their products as being a valued feature.

    Stewart bases his view on an online survey, Cybersecurity as a Growth Advantage, where Cisco polled 1,014 senior executives with extensive cybersecurity responsibilities in 10 countries and 11 in-depth interviews with senior executives and cybersecurity experts.

    From this, Cisco found a third of businesses now sees security as being a competitive advantage.

    Digital disruption drives the shift

    Stewart puts this down to boards and senior executives realising how widespread digital disruption is, “it’s highly unlikely Weight Watchers saw the disruption coming from Fitbit,” he muses. “In fact it’s hard to see how anyone could have seen that coming.”

    As a consequence of these widespread and often unexpected disruptions, corporate leaders are trying to shore up their existing positions against unforeseen competitors by shifting to digital platforms as quickly as they can.

    “We have to do digital and if we are going to do digital we have to have strong cybersecurity controls,” says Stewart in explaining why cybersecurity is an important part of this strategy.

    Security as a cornerstone

    “By making cybersecurity a cornerstone of their businesses, security-led digital organizations are able to innovate faster and more effectively, because they have significantly greater confidence in the security of their digital capabilities,” Stewart says.

    Certainly managers are worried about the risks of going digital with Cisco reporting many businesses have put projects on hold due to concerns about security risks, “a lack of cybersecurity strategy can cripple innovation and slow business, because it can hinder development of digital offerings and business models.”

    According to Cisco’s findings, seventy-one percent of executives said that concerns over cybersecurity are impeding innovation in their organizations. Thirty-nine percent of executives stated that they had halted mission-critical initiatives due to cybersecurity issues.

    Encouraging moves

    While the possibility that corporate leaders are taking cyber security seriously is encouraging, that change is yet to be seen in the marketplace, particularly in the consumer Internet of Things market where being first trumps security, design considerations or even basic safety.

    The real test for how important cybersecurity really is remains in the marketplace — will customers pay more for secure products?

    One sense that in Cisco’s marketplace of enterprise customers where security failures could have expensive, embarrassing and possibly catastrophic consequences, customers will pay more for trustworthy devices. In the consumer field it may well be different.

    Probably the most important finding from Cisco’s survey is that businesses are now understanding security has to be designed into products and processes rather than being bolted on as an after thought. If that is true, then we have come a long way.

    Similar posts:

    • No Related Posts
  • Telstra’s five ‘knows’ of security

    Telstra’s five ‘knows’ of security

    Telstra, Australia’s incumbent telco, held their Cyber Security Summit in Sydney today looking at the issues facing organisations in protecting their networks and data.

    One of the recurring themes speakers raised were the ‘five knows’ that Telstra’s security people believe are the core of business security.

    Those ‘knows’ sound simple but in truth in they are hard to carry out in even a small, simple network;

    • Know the value of your data
    • Know who has access
    • Know where the data is
    • Know who is protecting the data
    • Know how well that data is being protected

    With these five rules we’re moving into Donald Rumsfeld territory of ‘known unknowns’. In most organisations the honest answer to these questions is “we don’t fully know”, some data that’s seen as irrelevant by management could be a goldmine for a competitor or malicious actor while a relatively junior staffer could be saving critical documents on an external drive or consumer cloud service with a weak password.

    Managing those knowns, or unknowns, is a tough task and one that needs to be tempered by realism.

    In truth no system administrator has full knowledge of their network, for organisations real security comes from having strong leadership, robust processes and delivering the products and services demanded by the public.

    Technology will help deliver those products and services while helping strong leaders implement robust process but ultimately a secure organisation needs good management, not better tech.

    From the cyber security point of view, Telstra’s forum had many useful thoughts and we’ll look at more aspects regarding security that came up in the sessions later in the week.

    Similar posts:

    • No Related Posts
  • Leaping seconds, new millennia

    Leaping seconds, new millennia

    Along with a storm disrupting cloud computing services, last weekend also saw computer networks being disrupted by the leap second.

    Servers needed to rebooted, websites froze and – as usual whenever there’s a technical glitch – airline check in systems fell over causing chaos for thousands for travellers.

    It’s all very reminiscent of what we thought would happen with the Y2K bug. While sensible people didn’t think planes would fall from the sky, dams collapse and the world financial system grind to a halt (we had to wait another eight years for that), we did think there would be a lot of dumb little things to irritate us over the first few days of the year 2000.

    That no real disruption happened, not even the airlines check in systems failed or tried to check in people for 1901, was credit to the entire IT industry. It a shame that the success in dealing with the complex unknowns of what was called the Y2K “bug” – which wasn’t really a bug but a feature – ended up being portrayed a scam by the entire IT sector.

    A couple of years ago I was talking to a finance guy who claimed “the whole global financial crisis was a scam, just like Y2K.”

    That view overlooks how the IT industry knew it had a problem and dealt with it, as opposed to the banksters and their friends in government who denied there was a problem right up to the moment it happened.

    Of course it’s easy to ignore your business or industry has a problem if you know your friends in government will make sure your bonuses, holiday homes and private school fees will be guaranteed by the taxpayer, the taxpayers’ children and the taxpayers’ grandchildren.

    Last weekend’s leap second and the cloud computing outage teach us that technology isn’t infallible and that things do go wrong.

    For most of us when they do go wrong, we won’t have the government to bail us out.

    This isn’t anything new. In any complex society, the unexpected can disrupt our comfortable way of living in ways we don’t expect. It’s something all of us should occasionally think about.

    Similar posts: