Interesting times for information security professionals
by Brian Honan - Head of IRISSCERT - Monday, 1 October 2012.
There is an old saying, which some attribute as an old Chinese proverb, that states “May you live in interesting times.” Some say that this is a blessing you may wish upon a friend, while others say it is actually a curse. Within the information security industry it is indeed true to say that we are living in interesting times.

There are the constant updates and changes to the technology being used both in our personal and business lives. The way we work and interact with others is constantly changing. It is now not unusual for companies to have employees working remotely, checking emails from home or the road on their smartphones and/or tablets.

Through the wonders of the Internet a business can be available and reach out to millions of potential new clients in other countries. We collaborate and share information with each other, partner companies, clients and vendors quicker and easier than ever before. The way business operates is changing too thanks to technology. Tasks that would traditionally took longer to do manually are now automated and done much quicker, information is processed and analysed faster allowing decisions to be made quicker, and money can be transferred to customer or suppliers bank accounts with the mere click of a mouse button.

What was science fiction a few decades ago is now science fact as technology such as smartphones allows us to communicate and collaborate with each other in ways that a few decades ago would be unheard of. We can bank and shop online, we can watch videos of events happening anywhere in the world almost as soon as it happens, and we can share our personal trials and tribulations with friends and relatives no matter where they are through social networks.

Our modern lives, economies and societies rely more and more on the digital realm than ever before. This ever increasing reliance on technology brings with it many new threats and also amplifies existing threats. These threats range from the atypical curious teenager attacking computer systems to see what damage they can do, to hacktivists looking to highlight their cause through digital mayhem, to criminals looking to pillage our digital wallets, bank accounts and data, and to state sponsored entities looking to steal national and industrial secrets.

Just as technology has enhanced and made our lives easier so too has technology better enabled these threat actors to impact our lives in a negative fashion. We also have to contend not only with the deliberate disruption of our computer systems by certain actors but also the accidental failure of core computing systems to impact on our lives.

The IT outage at the RBS banking group in the UK is a prime example of how interconnected our digital lives have become. The outage over a number of days impacted on individuals who could not gain access to their bank accounts, on companies who were unable to pay their staff and vendors and led to many business deals collapsing. The digital woes of one organization had major impact on the lives and businesses of countless others.

So the technical advances of these “interesting times” can also be viewed upon as a curse. Our constant battle against those who cause harm, either deliberately or accidentally, to our systems, data, finances, economies and societies may seem endless. Indeed there are some who will say that at times this may be a hopeless task.

The life on an information security professional can be indeed be seen as one lived “in interesting times”. However, I argue that it is up to us to decide whether these “interesting times” will be a blessing or a curse. If we constantly look at the negative aspects of technology then it is inevitable that we will view it as a curse. If all we can see is threats and not opportunities then we will constantly be fighting a losing battle.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 4th