For every action, there is an equal and opposite malfunction. While I am an advocate for system hardening, it must be done bearing the context and business needs in mind. Simply applying the latest firmware and patches looks like a good idea in practice, but doing so blindly and without planning to understand the pros and cons can be more of a hindrance than a help. The same holds true for disabling and removing services, installing new tools and taking a draconian approach to policies. Sometimes you break more than you fix, ending up doing the hackers job for them.
Cyber Security is a constant learning curve that changes daily. New threats are emerging while old threats continue to plague us. Entering the workforce after years of education, we are bombarded with reminders to be vigilant. I often think many have begun their cyber security awareness training too late. With nearly every child today not knowing a world without the Internet, smart phones, and millions of apps, are we finding more willful ignorance or simply desensitisation? Experience and cyber smarts are best started from an early age to gain a crucial employment advantage, protect our valuable data, and remain secure.
There are two crucial steps in achieving adequate cyber security. The first is moving from ignorance to awareness. The second is moving from awareness to action. Many would agree that getting the visibility we lack is critical, making the first step achievable through awareness activities, education, and readily-available tools. Unfortunately, achieving the second step can seem impossible when, despite having all the information before us, we fail to act, rendering the achievement of awareness moot. Knowing where you are does not guarantee knowing how to get where you need to be, but we must begin somewhere to eventually arrive there.
The more communication technology we have, the less we actually communicate. It is both intriguing and disheartening to observe individuals together communicating with anyone but the person right in front of them. Mobile technology should complement, rather than replace, human interaction. One may witness the visible frustration when only one is preoccupied with their mobile device; the resentment is very obvious. This manner of interaction is reminiscent of television channel surfing where we do not care what is on, but rather “what else” is on. When will we recognise the most interesting “program” is the one we are already watching?