It was Christmas Eve and the miserly and embittered Ebenezer Scrooge made his way home through the darkening gloom of a city landscape. He had just locked up the office, having wrung the last few hours of work out of Bob Cratchit, his long-suffering IT security manager.
He arrived home and booted up an old PC: after all, finances were tight and even if the machine was ancient, he wasn't about to waste money on anything as fancy as a new tablet, MacBook or Windows 8 machine, or for that matter, any of those expensive security suites that Bob Cratchit had suggested.
He hit the browser button and typed in a few letters on the search bar. The wireless connection he was using was his neighbour's, and a wry smirk came over his face as he thought how easy it had been to piggy-back on an open wireless router with no password.
He still had lots of work to do sorting through sensitive customer accounts that naturally he’d transferred by unencrypted email to his home machine because, after all, he wasn’t about to lose a day’s work away from the office over Christmas.
After a hard day’s grind, it didn't take long before his eyelids became heavy and, as he tried to shrug off the tiredness, a strange chained figure started to emerge from the screen. An eerie shape he recognised as that of his long-deceased business partner, Jacob Marley!
Jacob had come to warn him of three ghosts that would visit him that night. The ghosts would reveal his lack of cyber health, the opportunities he’d missed by ignoring the basics of good cyber hygiene in his youth, his miserable attitude to protecting himself online and the dire consequences in his digital future if he didn’t mend his ways.
The Ghost of Cyber Past was the first spirit to visit. It showed him his youth - a period when he’d been a fun-loving soul, open to suggestions of good cyber practice. He had been taken back some 26 years to August 1986 to the Lawrence Berkeley National Laboratory in California. Sitting at a terminal was Clifford Stoll, who’d been asked to look into a $0.75 accounting error in the computer usage accounts. What Scrooge was watching was the painstaking investigation into what was later identified as a state-sponsored hacking attack, documented by Clifford Stoll in his book ‘The Cuckoo’s Egg’.
Scrooge watched as Stoll recorded the hacker’s actions as he tested accounts at US military bases and in some cases gained unauthorised access to sensitive sites. Scrooge was horrified at how the hacker copied passwords, set up Trojans and managed to get into so many high security sites simply by using easy-to-guess passwords.
Quickly the first apparition vanished, and he was confronted with the second spirit, the Ghost of Cyber Present.
Almost instantly he was transported to an office in Whitehall in London where officials charged with tackling the huge level of public sector fraud were talking about the recent presentation they’d received on ‘An Anatomy of an Attack’. He listened to how Spear Phishing used well-designed social engineering methods to target an unsuspecting employee in order to gain access to their system and circumvent existing perimeter and endpoint defences.
For the first time, Scrooge heard about Advanced Persistent Threat attacks that are sophisticated and purpose built to install a Remote Administration Tool designed to gain control of the victim’s machine and extract valuable data.
Just as Scrooge was starting to fear the highly sophisticated capabilities of today’s cyber attackers, the Ghost of Cyber Present vanished and was replaced by the Ghost of Cyber Yet to Come.
Scrooge was made aware of the growing cyber risks associated with the ‘Digital Universe’, the unimaginable increase in data volumes that the world will be generating in 2020, the ubiquitous ‘digital by default’ world of public sector services and the increasing sophistication of the cyber-criminal, hacktivist and malware coder.
Fearing the worst, Scrooge hid behind the ghost, but he was soon shown the ‘10 Steps to Cyber Security’ recently published by the Department for Business Innovation and Skills. He was made aware of how the Government was protecting and promoting the UK in a digital world, and he was then rapidly transported through a whirlwind tour of the various Centres of Excellence in Cyber Security in Belfast, Bristol, Lancaster, London, Oxford and Southampton. He learnt about Adaptive Authentication and how collaboration and the sharing of intelligence on cyber crime would mitigate cyber crime, fraud and identity theft.
He woke suddenly with a jolt. It was Christmas morn and he realised that he needed to correct the error of his ways. He would reward Bob Cratchit with extra resources, implement the recommendations of the 10 Steps to Cyber Security and test his response to cyber compromise. He would also share his good news and collaborate on countering cyber crime.
I hope you’ve enjoyed this little ditty. Perhaps it has made you think a bit more seriously about your own cyber security and, as usual, let me leave you with a quote:
“No space of regret can make amends for one life's opportunity misused”
Merry Christmas and a Happy New Year