Cyber Security: Why it’s Everybody’s Problem
According to the Cisco 2014 Annual Security Report, “The sophistication of the technology and tactics used by online criminals – and their nonstop attempts to breach network security and steal data – have outstripped the ability of IT and security professionals to address threats. Most organisations do not have the people or the systems to monitor their networks consistently and to determine how they are being infiltrated.”
The same report claims that, in 2014, Cisco had estimated the security industry would have a shortfall of more than one million cybersecurity professionals across the globe. The gap is expected to blow out to five million by 2020. Also in short supply are security professionals with data science skills, which are necessary to understand and analyse security data in order to improve alignment with business objectives.
These figures clearly demonstrate that there is a growing skills gap in the security industry that needs to be addressed and it is not just an IT security problem. With so many security systems now operating in the digital domain, it is a security problem for the entire industry. PSIM, or Physical Security Information Management Systems involving the management of CCTV, Access Control, Intrusion Detection, Identification Management and so on, now sit right alongside the traditional information systems and, if not properly monitored and managed, can be just as vulnerable as intellectual property, account details and records.
However, through the growth of the Internet of Things and the switch from Internet Protocol 4 (IPv4), to IPv6 now providing for up to 78 Octillion IP addresses, that is 78 Billion, Billion, Billion addresses, we could conceivably provide every person, every device and every grain of sand on the planet its own IP address and still have trillions of addresses left over. Why is this important? Because that is exactly what is going to happen over the next decade. Every camera, every card reader, every sensor, every RFID tag, person, phone, tablet, toothbrush and can of drink will have an IP address so that we can better use, find, enable, disable, monitor, manage and track everything and everyone everywhere all the time. Embrace it, hate it, rebel against it or accept that it is already happening. The choice is yours. The point is, as more and more security systems and services move into the cloud, traditionally secure physical security systems become vulnerable to cyber security threats. Even security officers will become vulnerable as we begin to see the adoption of body worn surveillance systems linked back to control rooms. Poorly secured links to such systems could potentially allow people to see and hear exactly what the security officer is seeing and hearing.
So, cyber security is not just the IT department’s problem. Cyber security is an issue for every security company, every security manager, every security vendor and every security integrator. It is up to each and every single one of these groups to tackle the problem and talk about the issues now, before those people who would subvert security services and systems are able to do so in a major way. If this challenge is just left to IT security professionals, then the industry runs the very real risk of letting this challenge get out of control. Professional development, networking with peers, seeing what others in the industry are doing and collaborating on standards and solutions are all going to be crucial factors in ensuring that security can remain in front of the coming cyber security challenges.
See you at Security 2015.
John Bigelow, Editor, Security Solutions Magazine