Cybersecurity Demands Change in Approach

Technology design must change to ensure cybersecurity is easier to carry out.

According to industry experts, technology design must change to ensure cybersecurity is easier to carry out.

Ian Levy, technical director at the UK’s National Cyber Security Centre (NCSC), said: “We risk a C1-level national cybersecurity incident in the next few years if we do not put some science and data behind cybersecurity and start to demystify it. 

“I think we can stop [a C1-level incident] from happening, but the trajectory I see at the moment around how cybersecurity is talked about and how people put militaristic analogies around it that make people think they can’t defend themselves, is really dangerous.”

Levy said the NCSC wants to publish data and evidence to ensure that people really understand how to carry out “risk management” properly.

He added: “Because in the end, cybersecurity is just risk management, which is not fundamentally different to HR, legal or financial risk management.”

Levy believes that the way technology is designed at the moment makes impossible security demands on people.         

Peter Wood, CEO at cybersecurity consultancy First Base Technologies, said there is still a lot of opportunity for social engineering, especially with attackers routinely stealing legitimate credentials to impersonate people in authority to trick others into cooperating with them.

He said: “Stealing legitimate credentials enables attackers to not only socially engineer people but also to get into corporate systems to locate, identify, exfiltrate, damage and even manipulate data easily.”

Wood believes that although it is difficult to predict what attackers will do next, it seems likely that future organisations and individuals will be faced with a new order of automated attacks.

He said: “Right now, the cybercriminal has automated the bog-standard attacks. We have seen that within 30 seconds of connecting a brand new computer to the internet, it is pinged, it is port scanned within 45 seconds and if it had got patches missing, it is pwned in two minutes, which must be automation.”
