‘Stop thinking cyber security is an IT problem, because it’s not; it’s a business problem’, advised industry expert, Mike Gillespie, at a recent NSI Summit.
Mike, who entered the cyber security business before computers had made their way into offices, went on to stress that IT managers cannot be expected to manage this epidemic alone. 40 billion devices will be connected to the internet by 2020 and if something has a computer attached to it, it has the potential to be hacked. Cyber security poses the biggest threat to insurers’ balance sheets since 9/11, yet so many organisations have no real strategy to deal with it. The issue has to be taken on at board level, warned Mike, and security professionals have a huge role to play.
Security professionals making it easy for hackers
In today’s connected workplace, weak links in security systems can be the easiest way for hackers to get onto a network. Those culpable for inviting outsiders in sometimes include: manufacturers, who push out unsecured products until end-users stump up; installers, who leave systems running with default passwords; and end-users, who unknowingly open up networks, leaving their organisations vulnerable to attack.
A couple of examples…
Number one: Last year, news broke that hundreds of CCTV systems were live-streaming content across the internet. Nearly all of those systems, Mike explained, had been compromised because an installer had not changed the default username and password.
Number two: Mike identified a server on a client’s network, but couldn’t find it using schematics. The IT manager claimed to know nothing about it and, on paper, it didn’t exist. Eventually, the Facilities Manager admitted he had added it to the system, without communicating the change or being aware of the threat.
CLWright42 glad you enjoyed it. Lots more on Advent_IM website, blog and YouTube channel ☺
Gerry_Dunphy ifsecglobal How about IT Security professionals getting to grips with physical security as well?
Great article, too true a reality, unfortunately. From what I’ve seen, security vendors don’t really want the hassle of anything that is too IT related in their SOW. Vendors don’t have an InfoSec department /personnel and Layer 2 switches are implemented for security systems even in highly tech organizations. Security operators will just leave it up to the vendor to handle any problems – unknowingly, in their ignorance (forgive the term) they could expose the organization to these third parties. But IT seems to be “avoiding” the risks from physical security systems by keeping them on separate physical networks and…
rossbale Gerry_Dunphy ifsecglobal Very good point! Sounds like a good follow-up article
In the business sector there are a large number of computers, and the IT manager doesn’t have enough time to check every computer. And as there is so much important data present, there is the chance of data being stolen by hackers. Your system is also affected by the virus. So physical security professionals need to get to grips with cyber security. And thank you for the valuable information given in this blog; it’s really helpful to business owners.