I would like to briefly touch on information security in the age of the Internet of Things (IoT). This carries on from my last blog article, which looked at proactive vs lazy security practitioners and, in particular, those who focus on raising the personal security awareness, and therefore the greater security maturity, of their organisations’ human resources.
In my last blog I raised the spectre of hacking humans brains following the recent disclosure that Facebook has been experimenting (sorry researching) affects of positive versus negative feeds from friends.
Human factors have always been the bane of security professionals, and social engineering is also high on the list of factors requiring mitigation measures and controls. Yet their very nature makes them highly variable – humans will always work out circumvention to a control if it makes their lives easier.
Whether you attribute this quote to Rita Mae Brown, or Albert Einstein, it’s out there and it sums up a lot of security practices: “Insanity: doing the same thing over and over again and expecting different results."
Enex TestLab’s various divisions cut across a large number of industry sectors, perhaps more so than most organisations. From my perspective, we deal with an impressive number of organisations and individuals within those industries. Heading this organisation, therefore, requires me to wear a number of different hats in any given day. But the one common denominator is the humans that we need to interact with.
I get around a lot, and I mean that in the nicest possible way. Over the decades there seems to have been a seismic change in the government and organisational view of operational security and exactly what the function and charter of that role entails.
It is an interesting construct this theory of privacy. Increasingly, people are becoming aware that the more highly and ubiquitously they become digitally connected to the global economy, the more they are forsaking their personal information. Not just basic information either, but their likes, dislikes, views, opinions and passions. And that information is being aggregated.
It used to be the fear of 1984 and Big Brother—watching and controlling citizens’ every move. These days the writing is on the wall, while Big Brother is watching via the CCTV networks, little brother is insidiously infiltrating our computers and smart devices to build a cache of information—and it is no longer simply making off with corporate/personal data/information. Enter the RAT.
Matt Tett is the Managing Director of Enex TestLab, an independent testing laboratory with over 22 years history and a heritage stemming from RMIT University. Matt holds the following security certifications in good standing CISSP, CISM, CSEPS and CISA. He is a long standing committee member of the Australian Information Security Association (AISA), Melbourne branch, and is also a member of the Information Systems Audit and Control Association (ISACA). Enex TestLab can be found at http://www.testlab.com.au blog at http://enextestlab.blogspot.com and can be found on twitter as @enextestlab.