Blogs

RSS FeedBlogs

Outside In

Bill McCluggage

RSS FeedSubscribe to this blog
About Author
Bill McCluggage

Bill is Chief Technologist - Public Sector for EMC UK &Ireland. He joined EMC in February 2012 following 12 years in CIO roles in both the public and private sector. He is passionate about the role IT plays in our daily lives and how it can transform public services delivered to customers and citizens, especially in areas such as Cloud, Cyber and Big Data. He has a fascinating CV and has a BSc in Electrical & Electronic Engineering, an MSc in Aerosystems Engineering and is a visiting Professor at the University of Ulster’s Business School at their Magee Campus.

A Cyber Christmas Carol - with apologies to Charles Dickens

Beware the ghosts of Cyber Christmas...

Article comments
It was Christmas Eve and the miserly and embittered Ebenezer Scrooge made his way home through the darkening gloom of a city landscape.  He had just locked up the office having wrung the last few hours of work out of Bob Cratchit, his long suffering IT security manager. 

He arrived home and booted up an old PC: after all finances were tight and even if the machine was ancient, he wasn't about to waste money on anything as fancy as a new tablet, MacBook or Windows 8 machine, or for that matter, any of those expensive security suites that Bob Cratchit had suggested.

He hit the browser button and typed in a few letters on the search bar.  The wireless connection he was using was his neighbour's, and a wry smirk came over his face as he thought how easy it had been to piggy-back on an open wireless router with no password.

He still had lots of work to do sorting through sensitive customer accounts that naturally he’d transferred by unencrypted email to his home machine because, after all, he wasn’t about to lose a day’s work away from the office over Christmas.   

After a hard day’s grind, it didn't take long before his eyelids became heavy and, as he tried to shrug off the tiredness, a strange chained figure started to emerge from the screen. An eerie shape he recognised as that of his long-deceased business partner, Jacob Marley!  

Jacob had come to warn him of three ghosts that would visit him that night. The ghosts would reveal his lack of cyber health, the opportunities he’d missed by ignoring the basics of good cyber hygiene in his youth, his miserable attitude to protecting himself online and the dire consequences in his digital future if he didn’t mend his ways.  

The Ghost of Cyber Past was the first spirit to visit.  It showed him his youth - a period when he’d been a fun-loving soul, open to suggestions of good cyber practice.  He had been taken back some 26 years to August 1986 to the Lawrence Berkeley National Laboratory in California.  Sitting at a terminal was Clifford Stoll, who’d been asked to look into a $0.75 accounting error in the computer usage accounts.  What he was watching was the painstaking investigation into what was later identified as a state-sponsored hacking attack, documented by Clifford Stoll in his book ‘The Cuckoo’s Egg’.  

Scrooge watched as Stoll recorded the hacker’s actions as he tested accounts at US military bases and in some cases gained unauthorised access to sensitive sites.  Scrooge was horrified at how the hacker copied passwords, set up Trojans and managed to get into so many high security sites simply by using easy-to-guess passwords.

Quickly the first apparition vanished, and he was confronted with the second spirit, the Ghost of Cyber Present.  

Almost instantly he was transported to an office in Whitehall in London where officials charged with tackling the huge level of public sector fraud were talking about the recent presentation they’d received on ‘An Anatomy of an Attack’.  He listened to how Spear Phishing used well designed social engineering methods to target an unsuspecting employee in order gain access to their system and circumvent existing perimeter and endpoint defences.  

For the first time, Scrooge heard about Advanced Persistent Threat attacks that are sophisticated and purpose built to install a Remote Administration Tool designed to gain control of the victim’s machine and extract valuable data.     

Just as Scrooge was starting to fear the highly sophisticated capabilities of today’s cyber attackers, the Ghost of Cyber Present vanished and was replaced by the Ghost of Cyber yet to come.

Scrooge was made aware of the growing cyber risks associated with the ‘Digital Universe’, the unimaginable increase in data volumes that the world will be generating in 2020, the ubiquitous ‘digital by default’ world of public sector services and the increasing sophistication of the cyber-criminal, hacktivist and malware coder.       

Fearing the worst, Scrooge hid behind the ghost but he was soon shown the ‘10 Steps to Cyber Security’ recently published by the Department for Business Innovation and Skills, he was made aware of how the Government was protecting and promoting the UK in a digital world and he was then rapidly transported through a whirlwind tour of the various Centres of Excellence in Cyber Security in Belfast, Bristol, Lancaster London, Oxford and Southampton. He learnt about Adaptive Authentication and how collaboration and the sharing of intelligence on cyber crime would mitigate cyber crime, fraud and identity theft. 

He woke suddenly with a jolt.  It was Christmas morn and he realised that he needed to correct the error of his ways.  He would reward Bob Cratchit with extra resources, implement the recommendations of the 10 Steps to Cyber Security and test his response to cyber compromise.  He would also share his good news and collaborate on countering cyber crime.

The End 

I hope you’ve enjoyed this little ditty. Perhaps it has made you think a bit more seriously about your own cyber security and, as usual, let me leave you with a quote:  

“No space of regret can make amends for one life's opportunity misused” 

Merry Christmas and a Happy New Year
Enhanced by Zemanta

Share:

Comments

Send to a friend

Email this article to a friend or colleague:


PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.


We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

ComputerworldUK Knowledge Vault

ComputerworldUK
Share
x
Open