Last week, Invotra was proud to host a fantastic event as part of Digital Leaders’ Cyber Resilience Week at The Core, part of Science Central in Newcastle. We arranged an impressive and diverse list of speakers, from local business leaders to the head of the police’s regional cyber-crime unit. The main objective was to get the audience to think differently about cyber security, and to leave feeling better informed and more able to protect themselves from the ever-present threat of cyber-crime.
The first speaker was Invotra’s CEO and founder Fintan Galvin, who delivered a whirlwind tour through the history of cyber security, exploring how an interest in hacking other people’s content or data dates back to ancient Greece. Although many consider cyber-crime to be a challenge of the technological age, Fintan encouraged the audience to explore a completely different perspective.
The next speaker was DS Martin Wilson from Durham Police, who brought along his team from the North East regional special operations unit (NERSOU). He gave the audience a great insight into the most current cyber challenges and threats, and explained their ‘Pursue, Prevent, Protect and Prepare’ strategy for tackling cyber-crime in the northeast of England.
Next up was one of the most exciting talks we’ve ever seen, delivered by Ivan Reedman, or Q (as in James Bond) as he is often referred to by friends and colleagues! Ivan is a systems designer for NCC Group, who do a huge amount of cyber testing for large clients, including government, the intelligence community, and private enterprise. Ivan described his job as ‘trying to break things all the time’! He works in NCC’s assurance labs to explore hardware vulnerabilities and the ways that you can unconsciously allow cyber criminals access to your systems, from something as simple as turning on a camera. He also showed the audience ways that hardware can be outsmarted, from creating a device that looks like a USB device but is something else altogether, to fooling facial recognition technology with the help of a 3D printed version of your face (obtained for less than £200). Naturally, the audience asked lots of questions about the possibilities around hacking hardware. His address was certainly a thought-provoking one.
After lunch, Invotra apprentice Chelsea Cadd took to the stage to share her personal experience of embarking on one of the first apprenticeships in cyber security. Chelsea joined Invotra in July 2013 as a computer science apprentice, and has made a conscious decision to move into cyber security. She gave a very honest and humble account of her journey, saying “I’m not someone special but I’m doing something special” and joking that she still faces the ‘fear of new’ every day. Chelsea told the audience of her ambitions to become security lead at Invotra within two years. Clearly we think Chelsea is pretty darn special.
Stew Hogg, Head of Cyber Security at Waterstons, a North East-based IT and tech consultancy, then spoke about the human factors in cyber resilience, citing many familiar examples and behaviours, such as writing passwords down on pieces of paper and attaching them to keyboards. He explored why people feel the need to do so, and how to work with them to encourage change and get wider buy-in to cyber security policies rather than simple awareness, which is not enough to ensure adequate protection. A consumer example he cited of the risk of awareness without buy-in was ‘Verified by Visa’, an occasional pop-up on an ecommerce transaction which exists to protect consumers, but because they don’t understand its purpose or the outcome of not acting, they often ignore it. Stew argued that proper understanding of its benefits would increase engagement, and the same applies in organisations.
Following Stew was Andy Ward, Director of XBIM, who discussed the security of buildings and assets in Building Information Models (BIM) and IoT. As well as exploring the various ways that individual assets and technologies can be protected (including more all-encompassing firewalls), Andy also got the audience to really think about the vulnerability of BIM, with a Star Wars reference! He explained that the Death Star was blown up because a Jedi knight got access to a blueprint of it via R2D2, which found its way to Princess Leia. She used the information from that blueprint (or the sci-fi equivalent of a BIM model!) to destroy the Death Star.
Finally, the day ended with a live hacking demo from Invotra’s senior leadership team: CTO Jonnie Russell, Lead Security Architect John Morahan, and Senior Developer Vlad. The team demonstrated three different possible attacks, starting with a ‘Man in the Middle’ (MITM) attack. This is characterised by an HTTPS (secure) page where users are prompted to click through to another HTTPS page but, in the interim period, are briefly diverted to an HTTP page (not secure). As a customer, you probably wouldn’t even notice this happening because you believe you’re simply clicking through to another secure web page. But the ‘Middle man’ is not secure, and this brief moment is all that is needed for hackers to exploit vulnerabilities.
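A site owner can check their own click-through journeys for the brief HTTP hop described above. The following is an added example, not code from the event demo: it audits a recorded redirect chain for plaintext hops and for HTTPS hosts that never send an HSTS header. The `.example` hostnames and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample: each hop is (URL requested, response headers received).
# Hostnames are placeholders under the reserved .example TLD.
SAMPLE_CHAIN = [
    ("https://shop.example/basket", {"Location": "http://pay.example/start"}),
    ("http://pay.example/start", {"Location": "https://pay.example/checkout"}),
    ("https://pay.example/checkout",
     {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}),
]


def hsts_max_age(headers):
    """Return the HSTS max-age in seconds, or 0 if absent or malformed."""
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), "")
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        if name.lower() == "max-age" and arg.strip('"').isdigit():
            return int(arg.strip('"'))
    return 0


def audit_redirect_chain(chain):
    """Flag plaintext hops and HTTPS hosts that never assert HSTS."""
    findings = []
    https_hosts, hsts_hosts = set(), set()
    for index, (url, headers) in enumerate(chain):
        parts = urlsplit(url)
        if parts.scheme == "https":
            https_hosts.add(parts.hostname)
            if hsts_max_age(headers) > 0:
                hsts_hosts.add(parts.hostname)
        else:
            # Anything sent here can be read or altered by a network observer.
            findings.append((index, "plaintext-hop", url))
    # Without HSTS the browser will follow a later downgrade to HTTP.
    for host in sorted(https_hosts - hsts_hosts):
        findings.append((None, "no-hsts", host))
    return findings


if __name__ == "__main__":
    for finding in audit_redirect_chain(SAMPLE_CHAIN):
        print(finding)
```

An empty result means every hop stayed on HTTPS and every HTTPS host in the chain asserted HSTS.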
The team also showed the audience an IoT hack, using a simple, newly bought electronic device procured only a few days ago from a high street retailer. The team hacked the device and effectively took control of a connected light, turning it on and off via the device; something our audience were incredibly surprised and impressed by. The final live hack was an SQL injection, where vulnerabilities in the way a simple script runs were exploited with ease by our team.
We were delighted with how well received the event was. Cyber security can often be a daunting topic to consider if you’re a business leader, but our speaker programme was engaging, thought-provoking and topical. Local blogger, Phil Jackman, tweeted a great point: “Encryption is such a faff. I can’t help feeling that the world would be a better place without secrets. #DLCRWeek @Invotra”
The audience gave us some great feedback, and all felt more confident and well informed about protecting their businesses both now and in the future. We look forward to working with Digital Leaders on future event programmes, and helping other businesses become better informed about cyber-crime.
Read Phil Jackman’s blogpost on the event and ‘hard cyber’ here.
This article was originally published here and was reposted with permission.