“Recent attacks on Carnival, Garmin, Easyjet as well as attacks on healthcare providers and researchers demonstrate the lack of moralistic values that criminals have and the fact that a global pandemic only provides them with further opportunity.” – says Steve Brown from Mastercard.
Does more connected devices mean more attacks? How to stay secure in the age of Connected Everything?
More connected devices ultimately means a bigger surface area for cyber criminals to exploit. It will often mean more devices with vulnerabilities, more devices with default security settings and therefore prone to exploitation.
To stay secure in a Connected Everything / IOT world requires diligence and education about such device usage. Fundamental security measures such as changing default settings/passwords to user unique passwords and two factor authentication can assist exponentially in securing domestic and business infrastructure and devices.
How are AI and ML helping in identifying threats? What needs to be implemented to make it even more efficient?
AI and ML assist in being able to analyse and interpret vast quantities of data in a far greater depth and with greater efficiency than a human resource ever could. In what is essentially a game of data, the ability to analyse and interpret, accurate, reliable information and intelligence is key to providing protection to a business and preventing attacks from happening in the first place – know your adversary, know your infrastructure and protect it.
There will however, always be a requirement for the human element. The natural investigative and inquisitive ability of cyber security professionals, the ability to ensure processes and protocols are written and practiced, can make the difference between a business surviving a cyber attack or not. To ensure better efficiency, the skills shortage in cyber security needs to be addressed to complement the emerging AI and ML technologies.
What does the future hold for cyber security? Will the developments be postponed or sped up due to the recent global situation?
They have to be sped up – criminals, organised crime groups and Nation States aren’t stopping, in fact they are capitalising on global events to launch further attacks and prey upon societal and technical vulnerabilities to maximise their gains. Recent attacks on Carnival, Garmin, Easyjet as well as attacks on healthcare providers and researchers demonstrate the lack of moralistic values that criminals have and the fact that a global pandemic only provides them with further opportunity.
Cyber security has to be seen as an investment and to be a core part of any business set up whether it is an SME or a multinational company. The relative losses that potentially stand to be made owing to data breach, incident response, business continuity costs, brand/consumer loyalty dwindling, consumer confidence plummeting, share price falling all impacting the bottom line mean that business should be ahead of cyber security in a proactive, preventative sense rather than a reactive one. Otherwise cyber security will remain on the periphery and always subject to lack of funding and therefore always leave a business prone to attack and data loss.
Steve Brown works as a Director, Cyber Security for Mastercard and he is a European lead for cyber security products and services. He is responsible for implementation and integration of Mastercard’s Cyber Security Framework including data breach detection and cyber risk assessment technologies and capabilities across all related stakeholders. Steve leads research of security and cyber innovation trends and threats in the consumer device, retail, ACH, payment card and broader financial services. He works with industry partners to determine and detail the cyber crime threat to Mastercard and its customers. He leads on engagement with European governments and customers to identify and mitigate those cyber security threats. Steve conducts cyber security capability gap analysis with a focus on external customers and delivers educational workshops to Mastercard employees and its customers, increasing the capability, capacity and knowledge to identify the threat of cyber crime and the relevant products and technologies to mitigate it.
Steve was also a part of the National Cyber Crime Unit for the National Crime Agency. He managed the UK’s strategic and tactical response to cyber crime with overall responsibility for the collection, management, analysis and assessment of intelligence on the cyber crime threat to UK. He ensured a proactive response to prevent and mitigate harm to UK individuals and business through assessed threat and risk management. He worked across Government and Industry to determine and detail the National and International response to Cyber Crime.
He was also embedded with the FBI Cyber Division as the UK Government’s Cyber Attaché to the USA. He was responsible for diplomatic and political relationships and negotiations relating to the investigation of cyber criminality affecting the UK and USA.