- Security TWENTY
- Women in Security
To spot the security and other risks of the digital age has become far harder in the industry – perhaps impossible?
At one of the quarterly seminars of ASIS UK, many years ago, a speaker from BP made a profound point. We live in an age of digital truth, he said. Put it this way, if you check your bank account at a cashpoint machine and it says you have £100, then you have £100 no matter whether you know you have £10 or £1,000. To remember how it used to be, think of one of the crucial scenes in the film (also a book) by John Le Carre, Tinker Tailor Soldier Spy. In the film Benedict Cumberbatch has to steal a log book out of the document library at the offices of the secret services so that Gary Oldman can consult it, to catch the Russian spy inside the organisation. He does so, inside his briefcase. Contrast the real theft from the digital age by Edward Snowden who carried away from the US far more data than Cumberbatch ever could, on a memory stick. The security industry has undeniably changed.
To apply that principle to business. A recent case in the public domain is of a data reporter for a national newspaper who got the idea of asking consumer goods firms for products; in return he would review them on the lifestyle section of his newspaper. In truth he did not have permission to do it, he used the IT equivalent of a back-door to upload his reviews. You may be able to guess the ending, not that the newspaper spotted something was on their website that did not belong – harmful to the reputation of a newspaper that is supposed to be aware of what is going on – but that one of the firms that gave goods innocently asked a real lifestyle section employee about the reviewer.
The newspaper could have praised the man’s flair and offered him a role in marketing or IT security, or, what they did do, hand him a bag to gather his things and leave. The moral of the story, in the old days (before 1998) before the internet when a newspaper was only printed, you could easily check what was published. Now, who knows what is on your website?
‘There are constant attacks’, Mark Zuckerberg, the found of Facebook said recently after his firm admitted a flaw that may have compromised 50 million accounts. Zuckerberg said that hackers try to steal information and take over accounts. He promised that the social media firm would keep investing in the security industry. That evokes the real time ‘attack map’ on the Norse Corporation website, as shown at Consec 2017, the conference of the Association of Security Consultants. It shows scarily live online attacks as lines shooting across a world map, from China to Norway, east to west coast of the United States (and back again), Ukraine to the US, and so on, it’s mesmerising to watch.
The difference is in risks between the old physical world and new digital one; the methods are different to do the same crimes, or wrongs. Take exam and essay cheating; copying someone’s work or getting someone else to write for you. Recently, dozens of UK university vice-chancellors wrote to the Government against ‘essay mills’ that ‘facilitate contract cheating by producing assignments-to-order for students’. They called for a new law with real-world and online parts to its enforcement: preventing the advertising of mills near campuses and in public places such as the London Underground, enable the removal of essay mills from search engine findings and prevent UK-based companies from hosting online ads for mills.
The academics called for a ‘UK Centre for Academic Integrity’, to research and combat academic misconduct. For the integrity of UK universities and their degrees – a big UK export success – are at stake. More practically, if you are an engineering firm, do you want to hire an engineer who gained his degree thanks to essay mills, whose bridges will collapse?! The essay mills provide original pieces of work not easily detected by anti-plagiarism software, universities admit. Contrast the old days when you could check the hand-writing of essays.
Last but not least, the risk to our way of life. In the Cold War, Russia tried to undermine the West by propaganda and funding strikes. While insidious, at least you could see it all, and the state could ‘follow the money’. Now, election votes and campaigning like everything else has gone online, hostile states can invisibly influence. Whether Donald Trump became US President with Russia’s aid (whether he knew is a side issue) is famous. While Tump has dismissed the possibility, to the UN Security Council recently he accused China of interfering in this month’s US congressional elections, which China rejected. In an industry of digital truth, fake news, un-attributable and deniable attacks, it requires not least a mental re-set to accept that securing things, even democracy, is not as straightforward as it was.
Adapted from ‘Spot the Digital Risk’, an article written in the November 2018 Professional Security Magazine by Mark Rowe.