Interviews

Cyber gap article

by Mark Rowe

Are there gaps open to cyberattack? asks Phil Wood, Head of the Department of Security and Resilience, at Buckinghamshire New University, in an article, titled – Walls of straw – the cyber risks to higher education.

In every facet of life, advances in communications technology and our reliance on computers and the internet allow us to live and work more efficiently than ever before. Higher education relies on the development of knowledge and the need to conduct and communicate research activity. Universities are often bound in research activity to business, government and other organizations whose interests need to be protected and managed. But is there a disparity in approach? Is research activity, security and the protection of privileged, proprietary and classified information appropriately implemented and managed in higher education?

Visit http://uksg.metapress.com/content/51l4518q1316715x/?genre=article&id=doi%3a10.1629%2f2048-7754.160

View as pdf – http://uksg.metapress.com/content/51l4518q1316715x/fulltext.pdf

He points to uni staff and students – ‘inquisitive and connected people, who need to access information and carry their information with them, and who need to be networked, it is important to understand that those who are employed in higher education will mutate the risk through bypassing systems and may be non-responsive to deterrence and defence measures. Moreover, because of their need to access and ensure that information flows, they may well take random or imprecisely targeted attacks and direct them to where they may cause more damage. This is now common human behaviour that is not necessarily malicious – but can be highly damaging in effect. Importantly, and as a major enabler of cyberattacks, our behaviours do not require financial investment by adversaries, as all universities have invested in structures and networks to process, store and manage information. All that the enemy needs to do is find the way in and our people can do the rest.

“If we cannot manage our people, we are handing over the access control ‘keys’ and offering free facilitation for cyber adversaries. So, we need rules. But these will only be effective if employees are willing and able to comply.”

He closes with the idea that universities are part of a wider society that faces immense challenges in dealing with the risks of cyber activity. “We are no different than any other organisation; we need to protect our information assets as the consequences of not doing so are potentially severe. As targets, with research and innovation at our centre and with unique and compounded access to business and information of strategic value, we must recognise and manage our vulnerabilities. Despite the technology risks, the emergent cyber vulnerability comes from human re-adaptation and psychological and social evolutions: we have a need to communicate and share constantly. The next time you sit on a train, or even walk down a busy street, look at the scale of information movement that is happening. This is a social and behavioural phenomenon, enabled by technology that makes it easy for humans to do what they need to; be recognised, stimulated, share, store and access information and communicate – exactly the business of education and research. We can consider the imposition of systems, processes and frameworks to manage our intellectual activity and the information that we own and share. In higher education, we have access to information that we do not necessarily own, but must protect. But we need to use that information constantly, we need to share it, and the new normalities of social networking provide an additional layer of shifting and accessible vulnerability gaps. And as a final thought, sometimes, educators can assume that those around them may be less intelligent or capable than themselves. Sometimes that may be true. However, to make that assumption in the cyber context, where adversaries are highly skilled and in many cases backed by huge resource, is dangerous. The academic mind is a marvellous and inventive thing to be valued and nurtured; the mind of a high-risk cyber adversary is equally marvellous – and is outwitting any number of professors every hour of every day. And cyber adversaries don’t take long vacations!”

For more about the resilience and security-related courses at Bucks New, based in High Wycombe, visit http://bucks.ac.uk.

And see Phil Wood’s blog.

Related News

  • Interviews

    Taiwan showcase at IFSEC 2015

    by Mark Rowe

    The Taiwanese companies EverFocus Electronics Corporation, VIVOTEK Inc., QNAP Systems Inc., and PLANET Technology Corporation took part in a technology showcase on…

  • Interviews

    Cyber law queried

    by Mark Rowe

    At the Labour Party Conference in Brighton Shadow Home Secretary Yvette Cooper called for harsher sentences for cyber criminals, arguing that the…

  • Interviews

    Malware evolution

    by Mark Rowe

    We ought to understand the evolution of malware, to tackle it, writes Darrel Rendell, UK Intelligence Analyst at anti-phishing product company Cofense.…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing