CC3001

BOOKreview 

The Cyber House Rules 

Security is more of a cultural Issue than a technical one, as Raef 

Meeuwisse explains in his new book 

Amid accusations of political 

chicanery by the Russians 

interfering in the American 

Presidential elections, mass theft of 

personal information from major Internet 

players like Yahoo, DDoS (distributed 

denials of service) attacks that seriously 

disrupt access to the Internet and the 

hacking of websites previously considered 

secure to set up phishing attacks and steal 

personal, political and company 

information, one would be correct in 

thinking that we are in the throes of a war 

against cybercriminals. 

And this war is only set to intensify, as the 

explosion in criminal activity on the net is 

being more than matched by the growth in 

the Internet of Things (IoT), Smart Building 

technologies, autonomous transport 

systems, and a host of personal devices 

from Fitbits and watches to connected 

home devices. 

Each Wi-Fi connected smart appliance, 

vehicle, environmental sensor needs an 

Internet address, and as they are so easy 

to acquire and set up many users are quite 

happy to carry on using the security codes 

they were supplied with. For the 

cybercriminal that is the equivalent of 

leaving the back door open, as hacking 

into, say, your Netflix account via your 

Chromecast device could then potentially 

open a path to your Amazon Prime 

account, for example, which conveniently 

holds your bank account details. 

Now this particular sequence of hacks 

may never actually occur (Google regularly 

updates the Chromecast's firmware, for 

one thing) but the essence of a safe 

security system is not just about closing 

the loopholes that you already know about 

in your system, but in blocking off access 

to cybercriminals to parts you don't know 

about - but which they probably do! 

All of this is explained in detailed terms by 

Raef Meeuwisse, in his new book 

'Cybersecurity Exposed: The Cyber House 

Rules.' Whilst it provides a breakdown of 

different types of security breaches, the 

reasons for them, and the impact of recent 

'megabreaches', the book, written in Raef's 

distinctive and unique style, also focuses 

on the human elements of security. This is 

to be expected given the author's long 

experience and involvement in the industry, 

and his insider knowledge derived from 

advising many companies about how they 

should address the problem within their 

own industries. 

The underlying theme of the book is that 

developing a secure environment for a 

company to operate in is a people 

problem as much as a technical one. 

Whilst every aspect of information flow 

needs to be assessed - from the lowliest 

device on the network to the central 

servers and operating systems - working 

processes that constantly monitor security 

need to be established. 

IT managers, responsible for defining and 

implementing the security systems that the 

company requires need to have the ear of 

business managers, and the usual 

balancing of costs with the likelihood of 

breaches disavowed - likewise the 

sacrificial role of the security expert when 

security breaches do occur. 

The book also stresses the need to have 

an established strategy for security built in 

from the start, rather than operating a 

detection and recovery system, pointing 

out that the latter, reactive, solution could 

cost companies a thousand times more. 

Raef admits that he has not included a lot 

of technical information in the book about 

the different types of security breaches that 

might occur, and how to set up what he 

calls 'security by design', but that is 

understandable, as advances in 

technology and the evolution of 

cybercriminals make that impracticable, 

and specific examples would soon 

become outdated. Instead, the focus is on 

the human aspect of security, the reasons 

companies fail or succeed, and the need 

to develop a safe culture within a company 

that minimises the opportunity for such 

megabreaches. 

Let me illustrate that with a personal 

anecdote. In hospital whilst reading 

Raef's book, I was struck by the 

similarities between the culture Raef was 

advocating and that of the NHS. Before 

every procedure that incurred risk, I was 

asked my date of birth to certify that I was 

me (as a patient, equating to an item of 

information). In the operating theatre, the 

surgeon, nurses and technicians 

indulged in a formal dialogue that 

explained exactly who I was, what they 

were going to do and why. 

Security of the patient's well-being was 

the underlying ethos of the NHS staff to 

the extent that this standard of behaviour 

had become second nature to them. I was 

there to have a pacemaker fitted, 

programmed using Wi-Fi. I take it I am now 

part of the 'Internet of Things'... 

You might be thinking that security issues 

aren’t really a concern for those of us in the 

construction industry, but I would beg to 

differ. Not only do we happily transmit large 

data files around the world, but we are 

responsible for designing Smart Cities, 

setting up the infrastructure and specifying 

the IoT solutions that will dominate our 

lives in the future. We are also corporate 

entities in our own rights, with the need to 

keep our finances, business activities and 

shareholder's concerns secure and in 

place - all the more reason, then, to give 

Raef's latest work a read. 

Cybersecurity Exposed: The Cyber House 

Rules' is published by Cyber Simplicity Ltd. 

34 

January/February 2017

Previous page

Next page

1

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

CC3001

Create successful ePaper yourself

Delete template?

Save as template?