Cybersecurity: More Than A Buzzword

Cybersecurity has moved from just a buzzword to a topic that has taken prominence in the businesses world in the face of increasing cyber attacks. Dr Duncan Hine, Principal Fellow from the University of Warwick and Consultant on Cybersecurity , addresses the threats, precautionary measures, and the future of cybersecurity.

icon-calendar-dark

10 Jan 2019

icon-clock-dark

5 mins


Cybersecurity has moved from just a buzzword to a topic that has taken prominence in the businesses world in the face of increasing cyber attacks. Dr Duncan Hine, Principal Fellow from the University of Warwick and Consultant on Cybersecurity , addresses the threats, precautionary measures, and the future of cybersecurity.

While cybersecurity used to be a problem for IT departments it now sits on the agenda at management meetings. What has caused this shift?

This follows the development of information technology and information systems over the last three decades. Organisations now understand that knowledge is the only real asset of value. This has led to information systems being represented on the main board. The same organisations are now realising that unless information security is well-managed, the knowledge in terms of confidentiality, integrity or availability is at risk.

It is not best practice for policies to be set and audited by the same person. So in many organisations, information security is separated from information systems and because of its importance it is also represented at board level or has frequent access to the board. In a good business or organisation, everybody has a role in securing information assets in some way.

What do you think presents the greatest security threat to businesses?

There are many threats to businesses, but most people think the greatest threat comes from insiders. These can be people who mean no harm, but who make mistakes through tiredness, ignorance or poor training. There are other groups of insiders such as people about to leave the organisation who want to take information with them.

Another group of insiders are more malicious. These are often people who have a problem with the organisation, others are taking revenge although for various reasons. Some insiders are very dangerous because they have access to sensitive information and the knowledge to do real harm.

Many people believe that it is only large organisations who often face the biggest threat when it comes to cybersecurity rather than individuals and smaller organisations. What is your view on this?

All organisations have problems relating to cybersecurity. Even individuals need to protect their information. Small organisations often supply larger ones and are a good way in for an attacker. A massive amount of information was stolen from an electronic retailer in the United States a couple of years ago. They were attacked through a supplier of ventilation equipment. This was a small company. So, small companies may also be a target as they are a way of attacking a larger target. Hence, we all need to be been vigilant at all times.

Can newbies to the technology sector seek a career in cybersecurity?

Some entrants to our MSc Cyber Security & Management programme are very technical and studied computer science or electronics as undergraduates. However, many are not technical at all and while this is a technical subject in some ways, it is also about people. When cybersecurity professionals try to communicate with other people in organisations, they do not use technical terminology. It is often better to have cybersecurity people who have good communication skills and general business knowledge.

What do you think of some important traits that could help identify if one is wired for a career in cybersecurity?

Some of our most successful graduates are very technical and want to specialise in security, but there are also successful people who want to improve security in an organisation. One common characteristic is being able to solve problems and to play games. We often must work out what an attacker will do next, so we can defeat them. We also see that students who solve puzzles and play games help to work out what complex data is really telling us.

What will the future of cybersecurity look like in five to 10 years?

While we see many aspects of the industry accelerating constantly in the way it is developing, there is an increasing need to use artificial intelligence (AI) to detect attacks and defeat them. Attackers are also using AI and future battles in cyberspace may be fought by one machine on another. The head of Google technology believes the so called ‘singularity’ will happen soon. This is the moment when AI will be as capable as the cleverest person on the planet. Some commentators think this could be before 2030. Then, we might have greater challenges to overcome.

The MSc in Cyber Security and Management awarded by the University of Warwick is designed for those wishing to develop a career as a cyber security professional, or take a leading role in an organisation critically dependent upon data and information communication technology. For more information on the programme, click here.

 

Posted online, 11 December 2018