The United Nations is putting pressure on governments looking to relax encryption security by citing the basic human right that people have to anonymity. In a recently published report the UN have defended the use of strong encryption as a way of protecting freedom of speech in the digital age. From journalists and protestors, to citizens who expect privacy online, encryption gives the opportunity to share opinions and debate without fearing exposure. But does protecting this right outweigh a nation’s security? By protecting freedom of speech are we also protecting paedophiles, terrorists, drug dealers and financial criminals?
On Wednesday the 27th of May the Queen’s Speech officially welcomed the Conservative party into power and outlined to the Houses of Parliament, as well as the UK as a whole, exactly what her government intends to do over the next term. For the first time in its history, the Queen’s Speech referred to ‘cyber-security’ and how data collection rules will be amended by David Cameron to modernise how we deal with communications data.
The Information Commissioners Office (ICO) is an independent UK authority that oversees information rights in the public domain. They encourage public bodies to be more open and promote data privacy for individuals. For the organisations who are regulated by the ICO this means obligations that they must comply with. For the public it means access to their personal data and the ability to raise concerns when they believe that an organisation has failed to adhere to legislation.
In 2009 the Financial Conduct Authority (FCA) unveiled legislation that required all calls between FCA regulated businesses and their clients to be recorded and stored. The idea was to securely collect conversation data, to ensure that market abuse was reduced and those who were responsible for mistreatment were punished. Mobile conversations were included in this, with calls, texts, instant messenger, social media and webmail all required to be monitored. Although an FCA regulation, mobile communication recording has very rarely been enforced, as the technology available up until now has been so poor. Thankfully this has changed.
‘The Internet of Things’ is not a new phenomenon. For decades people have been attaching sensors to networked intelligence systems in an attempt to create interconnected technology. ‘The Internet of Things’ in simple terms is exactly this; the act of connecting devices together over the internet and allowing them to talk to one another, communicate with the user and utilise digital applications. Efficient, intelligent and innovative, the possibilities for smart devices are extensive, but with that development comes a greater need for protection.
2014 has witnessed a significant increase in reported cyber hacks and related financial losses either due to prosecution, loss of reputation and even job loss due to non reaction to an event.
Attacks have become more sophisticated with the frightening revelations of some being persistent and carried out over many months. This begs the question: are individuals within organisations taking these threats seriously or are they not empowered to act?
2015 will undoubtedly see a further escalation of cyber attacks. Here are Tankard’s top ten tips to watch out for in 2015.
1. Limiting access to sensitive servers will become more of a necessity than a ‘nice to have’. You can’t hack what you can’t see.
2. Security awareness training for all staff will dramatically increase in order to improve areas such as password creation – organisations must somehow ensure that employees stop using ‘password’ or ‘12345’!
3. Tighter access control, especially for privileged accounts, will become a necessity. Many seemingly insider threats are caused by external individuals hijacking high-level credentials.
4. The EU Data Protection Regulation will finally be passed. Implications for data sovereignty will impact choice such as jurisdiction for data storage, especially in the cloud. This means self control or separation of key management of encryption keys will become imperative.
5. Actionable intelligence will become more of a buzzword. This will lead to investment in security intelligence platforms to provide non-repudiation of digital evidence – even for voice calls.
6. Continuous monitoring will be hot, as detecting threats will take over from merely trying to prevent them.
7. More automation in incident response, especially for attacks/incidents with clear escalation paths.
8. With the increase in uncontrolled development and downloading of applications for smart phones there will be a significant increase in rouge malware that will exploit both the data held on the platform or use the platform to make, for example, outbound premium rate calls or visit illegal websites.
9. Smart devices in the home will be targeted – smart means exploitable!
10. Santa in Christmas 2015 will not deliver by sleigh anymore and will outsource to Amazon drones!