Cyber Security is the Theme of 2017

There have been many high-profile major cyber security incidents this year, including:

There are many best practices which were obviously ignored, allowing these breaches. Equifax’s breach was caused by a months-old software patch to Apache Struts not being applied.

While there is a cost to implementing these security patches, in 2018 I hope to see decision makers put more weight on cyber security as they see the true cost of these breaches. The Apache Struts / Equifax incident for example may have required recompiling of all web applications and a maintenance window lasting a few hours, but this would be value for money compared to the total cost of the breach.

I’ve implemented and improved cyber security practices in a number of ways including:

  • Automating operating system and software patch deployments on a Windows domain using ManageEngine Desktop Central, and implementing auditing to verify and report on failed patches.
  • Having a thorough knowledge of technologies I use when developing web applications, allowing me to implement them securely. For example, by taking the time to learn how session authentication cookies work at a deep level, I am able to ensure my applications are secure. There are of course many more levels than authentication to secure.
  • Advising local businesses when I see an insecure WiFi connection. Recently I saw a retail establishment offering free WiFi, and this network allowed access to a substantial HVAC system with a default username and password.
  • Advising on the use of an encrypted VPN when travelling and using unsecured WiFi connections, to prevent packet sniffing and Man in the Middle attacks.

While it can be argued that nothing in such a connected world can be 100% secure, professional knowledge and business decisions in the field of cyber security are becoming increasingly important.