TECH TALK: Bill Magee says that if we fail to securely lockdown the basics of digitisation then everything else fails
Cyber Scotland Week 2021 closed at the weekend after hosting upwards of 150 virtual events. A mighty collective effort showcasing globally all we do best digitally. It included the latest developments on the role of women in tech, AI, 5G, cyber clusters, innovation clinics and innumerable other connectivity solutions plus the inaugural cyber community awards. Lots of private and public sectoral cyber activity. Some truly inspiring as Scotland’s digital transformational moves were mapped out.
Yet what stood out for me was a streamed report from Barracuda Networks that an overwhelming 95% of tech staple – the Office 365 mailbox – harbour security breach threats. That’s got everyone’s attention. Including mine.
For no matter what technological advancement and breakthrough promises are on offer, if we fail to securely lockdown the very basics of digitisation, then everything else, kind of …well… fails.
This is not meant to devalue the annual cyber event in anyway. Anything that simplifies what’s become known as the internet’s “third platform” combining an ever-growing list of social, mobile, cloud and Big Data-rich media offerings, is not only welcome but vital.
The Barracuda report is especially relevant as the pandemic continues to force organisations to have employees working from home, exacerbating security risks inextricably-linked to online/mobile remote working.
In this digital age it’s reckoned we’re all engaged in the biggest communications shift since the Industrial Revolution. The trouble is, despite all the ultra-sophisticated technology to hand, if there’s a security breach it’s the basic mailbox that is likely to be the first port of call.
The tech “old timer” has doggedly hung on as the number one communications tool for business but why do we hang on to such an apparently redundant and profoundly unsafe piece of IT kit?
Steven Peake, the California company’s email security specialist, in a series of webinars with Scottish partner Capito IT services and solutions, says organisations should get their accounts scanned right away.
It comes as many organisations still do not take full advantage of a digital “always connected and engaged” agenda because it can create commercial unease.
‘If there’s a security breach it’s the basic mailbox that is likely to be the first port of call’
Instead, the simple email still appears a safer bet to communicate with customers because a measure of apparent control exists. After all, you don’t have to click on that message, or download that attachment. No matter how tempting it might appear.
Gartner analysts maintain the integration of digital elements into work processes has become ubiquitous. Every employee is a digital employee, every business endeavour has a technology component, every budget is an IT budget. Therein lies commercial tension.
All of these exciting tech developments can appear daunting to significant numbers of organisations, who continue to prefer a perceived “safer” home market represented by the everyday domestic email. Rather than being launched onto the global stage digitally, where a company may feel ill-equipped.
At times such mainstream tech integration has been likened, rather, to a huge digital wave crashing down on and outpacing business-as-usual. Many remain nervous their networking controls cannot cope with perceived highly disruptive technologies or robust enough to fend off fraudsters – or told they’re in danger of lagging behind competitors if they don’t install the latest piece of tech in what smacks as nothing more than a marketing ploy to buy a particular product.
Barracuda dealt with literally millions of breaches in 2020 missed by organisations’ existing so-called protective email gateways: 4,550 organisations were helped by scanning 2,600,531 mailboxes and discovering 2,029,413 attacks.
That is one heck of a lot of emails. Mostly wide open to malicious messages appearing legitimate, spear phishing for financial data, business email compromise scanning, conversation hijacking and services impersonation. One of several latest malware attacks is labelled “Silver Sparrow” aimed specifically at Apple Mac devices. Digitally, what’s to do?
One solution is to investigate application programming interface scanning. API-based mailbox defences define interactions between multiple software intermediaries and potential vulnerabilities.
As long as it’s backed up with training sessions – involving not only employees but also managerial – to avert what remains one of the biggest causes of email mishaps. Human error. Oh yes, plus that chestnut, regularly changing passwords that we all mean to do.
Something the newly-formed CyberScotland Partnership of ten organisations, including Scottish Government, Police Scotland, SBRC, SCVO and ScotlandIS, will, no doubt, be looking at as integral to the new strategic framework for a cyber resilient Scotland.