Homeland Security director says firms must be aware of internal cyber attacks

Cyber bad guys come in all shapes and sizes these days. However it is just as likely that the person sitting next to you could be the biggest threat to your company’s online security rather than the virtual criminal sitting thousands of miles away.

That’s according to one of the top experts from the Department of Homeland Security in the United States.

Douglas Maughan says businesses may be up to speed when it comes to their own IT systems, but any employee with access to a smart device – from phones to tablets and iPads – could pose a security risk of which most companies are not even aware.

Maughan, who is division director of Homeland Security’s cybersecurity division, believes most people volunteer too much personal information online – which leaves not only themselves as individuals open for attack but also potentially the organisations which employ them.

"The bad guys only need one opportunity to exploit," he said during a visit to Northern Ireland as part in the World Cyber Security Technology Research Summit.

Organised by the Centre for Secure Information Technologies at Queen's University, the summit attracted top experts from around the world and included insights from Facebook, Intel, McAfee and various governments.

Maughan tells his Belfast audience that complacency is one of the biggest dangers when it comes to cyber security.

“There is a general lack of awareness about the need for better security. Nearly everything that you own or come in to contact with – from your phone to your car to a medical device – is really just software, and software is vulnerable, so we need to learn about how we can understand the threats better.”

This year's summit took place against a growing uneasiness about the way companies and governments use information harvested online. The continued fallout from revelations by the whistleblower Edward Snowden, who revealed details of an orchestrated surveillance campaign by the US National Security Agency, has prompted questions about exactly how governments use online data.

According to Maughan, the scenarios portrayed in Hollywood movies or hit American television shows like Person of Interest might not be too far away from reality.

“Where do Hollywood thrillers get their ideas from? – real life. Do you ever think that scenarios that look like they came from the pages of a thriller could become reality? Or do you ever think about just how much organisations like Google, for example, know about you – or if that app you downloaded for Starbucks could be leaking information about you that you might not be aware of?”

He says that while businesses are more aware of the threat of a cyber attack or cyber crime being perpetrated against their organisation, they are perhaps less focused on their first line of defence – “the user”.

“The business community needs to look at the human piece of the threat because people now give away personal information without a second thought. From Facebook to downloading apps, every day they expose themselves to a new threat,” Maughan states.

He believes the cyber threat will escalate because the “workforce of the future” will in all likelihood be even more comfortable with sharing all kinds of personal information with virtual strangers.

“Technology is part of every- day life for kids today. They are so familiar with mobile devices there is a level of established trust. In the future, they could be even more free about sharing information online – too free,” according to Maughan who, incidentally, does not own a smart phone.

He says a global campaign to educate future workforces about online threats is needed. “It’s time to start educating everyone – even schoolchildren – about the danger of revealing too much online. Once its out there you can’t control it.

“We should start teaching kids how to code at five years old. These kids spend most of their lives on mobile devices so why not utilise their skills, help them make a career out of it.”

Queen’s is developing a new master’s degree in cybersecurity that will begin in September.

It says the demand for cyber security experts is growing at 12 times the rate of the job mar- ket. Queen’s currently operates the largest university lab for cyber security research in the UK. So far, it says the Centre for Secure Information Technologies has helped to secure more than 100 hi-tech inward investments and co-inspire new start-up companies, which employ 2,000 people.