Tag Archives: security


Future Watch: Privacy and Social Media

Future Watch 3 – Privacy and Social Media

Tech legend and one-half of Know Now, Chris Cooper, concludes the discussion with Gemma Christie on data security and privacy. They talk openly about how Facebook and Google use your data, along with a great sandwich story. We also take a look at what the future holds for having more control over your own personal digital footprint.

G: You wrote your article ‘5 rules of thumb and security of YOUR data’ in 2015 so it’s about a year old now. Do you think there have been any substantial improvements within the last year?

C: No. I think it’s got worse, to tell the truth.


G: In what way?

C: We’re seeing more and more stuff being connected without any good agreement on what constitutes good security design. There are a number of standards that are out there, but there isn’t an agreement on the handshake and the trusted exchange of information between devices. There isn’t a mechanism for what I call the ‘lizard principle’ or the ‘lizard tail principle’ for where you could shut something down and confine it and contain where you have maybe a risk or an exposure, and you can sacrifice that particular component.

I think where so many of the solutions that we see coming through are what I call ‘single-threaded decision makers’, so you have one sensor or one trigger that leads to one action, and all it takes is for that one thing to be compromised, and it just sets in chain a whole run of events.

A good holistic design has multiple decision-making points reinforcing a trend. If you’re responding to that trend proactively, it will achieve some type of difference. Where we seem to be, is on things that are going, right, I want to know something about the state of this area, and then once it reaches a certain point then I’m going to go do something else.

An example of this could be: river flow is going up, let’s open up a sluice gate. A sluice gate only has one centre and if that centre is compromised, the sluice gate doesn’t open. People get flooded. That just seems really poor design, a lack of thought on how you make stuff happen and a lack of desire, in my opinion, to invest appropriately in a fit-for-purpose solution that would stand the test of time. We tend to be buying on price for the short term and not investing in a project for the medium to long term.

So no, I don’t think how our ethos and how we approach projects, how we are trying to deliver stuff and connect stuff up, is following good systems practice. We’re still seeing a number of poorly-designed, poorly-implemented solutions, especially in the internet space.

The 5 reasons to worry about security

G: In the article that was written last year, you said there are five good reasons we need to worry about security?



Future Watch: Cyber Security & Individuals

Future Watch 2: Cyber Security & Individuals

Today Chris is talking to Gemma Christie about the world’s biggest data breaches, data security at your bank, your mobile phone company, the government and where Google are going with security.


G: In your original article, you linked to a pretty good infographic that was showing the World’s Biggest Data Breaches (http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/). Some of these companies were eBay and JP Morgan. How at risk are large organizations and of course, the individuals that are subscribing to, buying from or working with these organisations? Are they at risk?

You cannot drop the ball on Cyber Security


C: I think every organisation is potentially at risk. You cannot drop the ball on cyber security. You’re only as good as your previous day’s clean bill of health. I think one of the things that a security professional taught me when I was first starting out designing systems, is that the answer from security is no. Think like security. They’re not going to let you do this, so what will they allow me to do because I need that data or that transaction to break through what is a secure area.

Security people do not like leakage. They don’t want stuff that’s their organisation’s to be taken and pushed out into the open world. You don’t want rogue users in your environment, and rogue transactions in your environment. You’ve got different types of thing that you’re trying to protect, and you need different techniques and you need different types of vigilance. Be it from someone looking at a camera because you’re stopping physical intrusion, through to someone looking at trends in data performance because what you won’t see is the process that’s caused it being rogue. But what you will see is maybe the evidence of its existence because your processing time is getting longer, you’ve got unused threads and you’ve got a database that shouldn’t be there.

Understanding your system and actively understanding what’s going on and being able to report with confidence, “Yeah, I know what’s going on. My data, my system, is safe and secure.” Having that process and those robust checks and balances to make sure people are doing their job and the system is working as designed are key.


G: What do you say to organisations that still haven’t put in place those secure systems?


Security Rules of Thumb from KnowNow


Data Security is essential

Why do I need security in the first place?

Your data is being used by many organisations and yet you have minimal control. Sometimes the data used will benefit you. Sometimes it will be for the benefit of others. The balance is starting to shift in our ever-connected world, where the gains of giving away your data are not as clear-cut as they used to be. Now we have more risks to worry about, more threats to manage and yet even more benefit to be enjoyed if we did share our information.

Threats are out there…
