Information and Cyber security

I know that the most obvious thing to do is use the phrase, cyber security. But to me it is so much more than that, and will be the reason I always use the phrase information and cyber security.

Perhaps that is not such a good thing from a marketing perspective. However, I am going to stick my heels in and go against the grain. Being a tad flippant about this: I am able to justify securing (in whatever way) information, but the cyber? I've personally not come across any cybers that needed securing, unlike Dr Who of course.

Moving away from flippancy, to me it comes down to a word, 'intent'. What are the intentions of those acting against us as businesses, as humans, and as nations in such a negative (criminal) way?

Published more or less on a daily basis will be the statistics that demonstrate just how many records (containing information) are lost. But, the records may not simply be lost (stolen), they could be destroyed or perhaps encrypted.

A phishing attack that attempts to exploit the weakness of a human into clicking on a link within an email or its attached document has an end objective. The criminals' intent may well be to extort money from their victim (ransomware). Whatever that end objective, the outcome to the victim could be catastrophic.

It was stated by Alvin Toffler, in Powershift: Knowledge, Wealth and Violence at the Edge of the 21st Century, 1990, that (note: the bulleted list has been paraphrased, and the words in italics are my thoughts):
  • The pool of potential knowledge and information in the world is virtually inexhaustible,
    • Note: The storage needs are beginning to outstrip the amount of information/data that is being accumulated. IARPA and others are developing the means to store data onto DNA.
  • Information is valuable for trade when you have it and someone else wants it,
    • Note: The information a business has is of value to someone else, but to whom and why?
  • Information, unlike goods, costs nothing to move around,
    • Note: Well, at least very little cost in relative terms, but yet still easier to transport.
  • Information can be shared, and then used over and over again, without exhaustion. It is effectively an infinite resource,
    • Note: It is an infinite resource from which revenue can, legitimately or not, be generated.
  • Information may become valueless as a result of some new information that supersedes or invalidates it.
    • Note: as an infinite resource, once some of it has become of little value, it can be replenished.

In September 1975, an article published within Proceedings of the IEEE entitled The protection of information in computer systems, by J.H. Saltzer and M.D. Schroeder, outlined the mechanics of protecting computer-stored information from unauthorised use or modification. Perhaps of further interest (indeed, concern) is that this paper made reference to many other academic papers going back to at least 1967, many of which studied privacy; information security; programming; and cryptography for privacy, to mention just a few.

The concern, I suppose, must be that the discussion has been going on for 53 years (and more) around the protection of information (and privacy). So, just why did it all go horribly wrong? And make no mistake, it has gone horribly wrong.

Information (and its data) is something that we work with daily: personal data; a company's merger and acquisition information; the designs for a new product that will take a business from simply ticking over to one that becomes a major global player; the order-of-battle for a particular navy, army or air force; a user's login credentials; or the readings from your smart (gas/electricity) meter.

All of this information and its data have a level of sensitivity that is important to the human, to a business, to a government. But, it is also of interest to those individuals and groups who have a less than legitimate reason for acquiring the knowledge.

But, and this is the challenge: do the CEO, CFO et al have any interest in knowing that the debate around protecting information and its data has been going on for more than 53 years, and yet records in vast quantities continue to be removed, unlawfully, from the business and other environments? Whilst many executives are simply 'solution' rather than 'problem' driven, learning lessons is an important part of life.

Forgetting about the information and its data when considering 'security' is going to end up costing, and not just financially; there could well be a human cost.

This brings us around to the technology. Whether it is called cyber or IT or technology, I don't think it matters too much. What is clear in 2020 is that technology continues to bash on regardless. In many different ways the world is a better place for it, but it is also a problem space that needs serious consideration.

The discussion of where 'cyber' originated, its companion cyberspace, or whether cyber is a noun, an adjective or an adverb is not going to be continued here. What will be continued is the discussion on 'intent'.

The technology in the office or in our pockets will: aid the manufacture of products; move utilities (gas, electricity, and oil) around; manage the movement of shipping, airplanes, trains, cars, lorries; help in generating nuclear energy, and so on.

However, the intent is not to gather information for financial purposes, but to use and to abuse sensitive information to disrupt or destroy the ability of airplanes to navigate safely; to spin up centrifuges; to cause operational technology (OT) devices to run amok in the manufacture of products.

Where one human manipulates technology for a positive purpose, others will use it for negative purposes.

But the technology, and perhaps its purpose, can be (is) flawed.

Take privacy, for example. It's not technology itself; it is a concept, backed by legislation and regulation, that humans demand. But technology and its purpose can manipulate that concept for other purposes. Social media may well protect the privacy of one human being from another, but does it protect the privacy of those humans from the business itself?

Technology can and does map a user's mouse cursor movement within a web page. Why, and does the user know that the movement is being mapped?

Using a device to gain access to the Internet to stream films, documentaries, or a television series whilst staying at a hotel is such a part of modern life. What could possibly go wrong? Using that same device to access the Internet in order to draft work reports online; what could possibly go wrong?

An awful lot is simply the answer!

Technology is wonderful, but it is flawed; our use of it is also potentially flawed. A young teen sitting in their bedroom has access to a vast quantity of information technology tools that could (will) negatively impact upon a business, another human being, a government. It is down to 'intent', knowledge that the information technology is flawed, and the ease with which another human being can be manipulated.

Call it cyber security or cybersecurity, one doesn't care, but I'm going to call it information and cyber security, simply because they are locked together and separating the two is nigh on impossible. Of course you will have your opinion; this one is mine.

KanSecurity (NL)
