Education and horror stories are key to security awareness


It turns out that the much-publicized hack of Ukraine’s infrastructure was as much about human behavior and bad security practices as about ancient IT. In fact, more so.

The head of Microsoft went to work on the problem and started in the President’s office. He found that every computer had the same login and password (let’s guess ‘President’ and ‘Password1’ shall we?). Much has changed now, but he reports a huge and quite rude and aggressive backlash when he insisted people change their password on a regular basis.

And before we all sit back, and tut, and mutter “typical” under our breath, take a moment to consider your own password management. Could do better? That would be the most likely school report for most of us.

At the other end of the scale, the iconic Black Hat and Defcon events are happening in Las Vegas. Some of the hacks being demonstrated there make you want to go back to bed, and stay there. A car wash that can be persuaded to trap your car inside and attack it with the robotic arm. The wind farm that can be taken out of action with some lock picking tools and a proof of concept worm.

Meanwhile, HBO has been hacked and there may be a script of an unaired Game of Thrones on the loose.

Oddly, the good news is that events such as the one hosted by Black Hat show how sophisticated the threat level is. That, and horror stories in the press, raise awareness. And once awareness is raised, human nature begins to think the situation is intolerable and “something should be done”. As the pressure mounts on someone – governments, companies, anyone – to do something, so too does the budget and the will to actually do it.

This, in turn, opens the door and the mind to education, and – as in the Ukrainian case – education would have saved a lot of trouble.

There are, of course, many initiatives to combat these kinds of attacks. Organizations in Asia are collaborating on best practice in cyber defense. The GSMA and others have active fraud groups, and sharing data on attacks and bad guys will surely begin to turn the tables. And, of course, as the threat level rises, so too do the salaries for certified and experienced cyber professionals.

And, as we said before, we are now beginning to use tools such as AI (as in the fast lookup version) to help close in on the baddies.

And if we cannot actually stop all of them, which we probably never will, at least we can react so fast the damage can be limited.

Meanwhile I am off to YouTube to watch that car wash hacking, crushing thing.
