CC3001
BOOK review
The Cyber House Rules
Security is more of a cultural issue than a technical one, as Raef Meeuwisse explains in his new book
Amid accusations of political chicanery by the Russians interfering in the American Presidential elections, mass theft of personal information from major Internet players like Yahoo, DDoS (distributed denial of service) attacks that seriously disrupt access to the Internet, and the hacking of websites previously considered secure to set up phishing attacks and steal personal, political and company information, one would be correct in thinking that we are in the throes of a war against cybercriminals.
And this war is only set to intensify, as the explosion in criminal activity on the net is being more than matched by the growth in the Internet of Things (IoT), Smart Building technologies, autonomous transport systems, and a host of personal devices from Fitbits and watches to connected home devices.
Each Wi-Fi connected smart appliance, vehicle and environmental sensor needs an Internet address, and as they are so easy to acquire and set up, many users are quite happy to carry on using the security codes they were supplied with. For the cybercriminal that is the equivalent of leaving the back door open, as hacking into, say, your Netflix account via your Chromecast device could then potentially open a path to your Amazon Prime account, for example, which conveniently holds your bank account details.
Now this particular sequence of hacks may never actually occur (Google regularly updates the Chromecast's firmware, for one thing), but the essence of a safe security system lies not just in closing the loopholes that you already know about in your system, but in blocking cybercriminals' access to the parts you don't know about - but which they probably do!
All of this is explained in detailed terms by Raef Meeuwisse, in his new book 'Cybersecurity Exposed: The Cyber House Rules.' Whilst it provides a breakdown of different types of security breaches, the reasons for them, and the impact of recent 'megabreaches', the book, written in Raef's distinctive and unique style, also focuses on the human elements of security. This is to be expected given the author's long experience and involvement in the industry, and his insider knowledge derived from advising many companies about how they should address the problem within their own industries.
The underlying theme of the book is that developing a secure environment for a company to operate in is a people problem as much as a technical one. Whilst every aspect of information flow needs to be assessed - from the lowliest device on the network to the central servers and operating systems - working processes that constantly monitor security need to be established.
IT managers, responsible for defining and implementing the security systems that the company requires, need to have the ear of business managers, and the usual balancing of costs with the likelihood of breaches needs to be disavowed - likewise the sacrificial role of the security expert when security breaches do occur.
The book also stresses the need to have an established strategy for security built in from the start, rather than operating a detection and recovery system, pointing out that the latter, reactive, solution could cost companies a thousand times more.
Raef admits that he has not included a lot of technical information in the book about the different types of security breaches that might occur, and how to set up what he calls 'security by design', but that is understandable, as advances in technology and the evolution of cybercriminals make that impracticable, and specific examples would soon become outdated. Instead, the focus is on the human aspect of security, the reasons companies fail or succeed, and the need to develop a safe culture within a company that minimises the opportunity for such megabreaches.
Let me illustrate that with a personal anecdote. In hospital whilst reading Raef's book, I was struck by the similarities between the culture Raef was advocating and that of the NHS. Before every procedure that incurred risk, I was asked my date of birth to certify that I was me (as a patient, equating to an item of information). In the operating theatre, the surgeon, nurses and technicians indulged in a formal dialogue that explained exactly who I was, what they were going to do and why.
Security of the patient's well-being was the underlying ethos of the NHS staff to the extent that this standard of behaviour had become second nature to them. I was there to have a pacemaker fitted, programmed using Wi-Fi. I take it I am now part of the 'Internet of Things'...
You might be thinking that security issues aren't really a concern for those of us in the construction industry, but I would beg to differ. Not only do we happily transmit large data files around the world, but we are responsible for designing Smart Cities, setting up the infrastructure and specifying the IoT solutions that will dominate our lives in the future. We are also corporate entities in our own right, with the need to keep our finances, business activities and shareholders' concerns secure and in place - all the more reason, then, to give Raef's latest work a read.
'Cybersecurity Exposed: The Cyber House Rules' is published by Cyber Simplicity Ltd.
January/February 2017