13 August 2015
BT Ingenious recently hosted a panel debate at the top of the BT Tower to question preconceptions about the risks and responsibilities of cyber security. Dr Siraj Shaikh, Reader in Cyber Security at Coventry University, was on the panel and explored how a fundamental lack of trust in human behaviour has led to today’s security landscape.
In terms of cyber security, what I believe we need to ask is, ‘what is ethical and who is responsible?’ I train ethical hackers in the mind-sets of cyber criminals, challenging students to anticipate how they might operate. But is training ethical hackers the only way to counteract online criminal activity or is there a smarter way of provoking change?
While it’s true that security knowledge and practice may be improving, one thing sticks out across a host of different people – whether governments, policy makers, civil servants, online retailers, even everyday consumers – and it’s the lack of trust.
Perhaps we should be questioning whether there is a way to prevent criminal activity online without only preparing for when the worst happens. Can we reverse this order somehow and start thinking about basic measures of trust that can be instilled within everyday users and the services they use?
We are working in interesting times. For example, we won’t open email attachments or use flash drives without wondering whether or not it’s safe to do so. Equally, a recent EU eGovernment survey told us that nearly half of users don’t find eGovernment services to be transparent enough with data use. This lack of trust between organisations and workers is wholly exacerbated by casual attitudes toward security. We may be making breakthroughs in terms of technology, but the lack of trust is impeding an overall move into trusted environments online.
And should we even trust ourselves? Do we look after our own information, passwords, online accounts with due sensitivity? We need only to look to social media sites to realise the answer.
Increasingly it is Hollywood and newspaper headline writers who are setting the cybersecurity agenda - it’s salacious at best and scaremongering at worst. People are beginning to distrust companies rather than individuals, which can cloud responsibility – we assume the big organisations are providing safe solutions online without looking at our own activity and questioning whether it’s wise.
We need to refocus our efforts on setting our own example. Both organisations and individuals themselves need to take a clearer, more candid look at their online activity to move forward into safer online environments. Until that happens, we can only plan for what we assume is the inevitable in cyber security.