As a panel of experts debated whether a security Armageddon is on the horizon, SC Congress London learnt that we're “not quite there yet, but we're close”.
Tony Collings, a fellow of the British Computer Society, a CLAS Security consultant and qualified UK Government Security Accreditor, took to the stage to exclaim that he is not often held in high regard due to his fierce opinions of those in control of security and IT systems.
“They don't know how to do their jobs, yet”, he said, while explaining that he once visited the premises of a large UK high-street bank and was asked to do a due diligence check on the IT systems, the security and whether they are compliant with data protection laws.
Collings said that he started with the HR system, only to find that the entire database had been outsourced and that there was no mention of data privacy, security or protection in the contractor's agreement. It turned out that the director of the company had all but run out of the door in order to escape Collings' harsh criticisms.
This sort of behaviour obviously requires no further comment. Collings summed it up fairly by saying that the average CEO might just be happy to pay the fine and risk non-compliance, rather than implement proper data handling, which takes both a technology investment and a significant investment in human behaviour and training time.
Tony Dyhouse, previously high-level security bod for QinetiQ and now leader of the Trustworthy Software Initiative, echoed Collings' sentiment that we're “not quite there yet, but we're close”.
Dyhouse explained that the never-ending changes technology goes through and the need to have interconnecting systems now mean that critical infrastructure is being brought into our homes in the form of connected kettles, watches and cars.
Both the lack of security in commercial software/hardware and interconnecting systems mean that hackers will soon be able to hack our (autonomous) cars, planes and power stations. “Ransomware on autonomous cars, imagine that!”, he said.
Despite the introduction of PAS 754 by the BSI Group, the first specification for software trustworthiness, governance and management, Dyhouse said that hackers are now hacking laterally, trying to get into as many systems as possible. And this is what we need to stop in order to prevent Armageddon.