Jurassic Park. Alien. Westworld.
What do these movies have in common? (Note: spoilers to come #sorrynotsorry)
These movies are all perfect examples that no matter the quality of our security controls, there is no 100% secure, 10/10, “never-will-be-breached” situation or product. That’s right. The dinosaurs escape their state-of-the-art enclosures; the spaceship and the isolation chambers can’t hold back the aliens; and the programming that means the robots can’t ever harm humans… you guessed it, it fails and the robots start harming the humans!
Even the best technological solutions are not infallible. If there was a way to ensure 100% security, the number of data breaches reported in the news would be non-existent.
Who is Clement Arul?
Clement has 23 years of experience as a Principal Security Consultant, Penetration Tester, Ethical Hacker and Security Trainer. He is a recipient of multiple National and International awards and is ranked as one of the Top 20 Cybersecurity Professionals in the world by IFSEC Global for 2021 and 2020. He consults for multinational companies and governments in the ASEAN region.
Physical vs digital security
To frame the security discussion a little more, let’s first look at this concept from a physical security standpoint. At home, we would all (hopefully) lock our doors and windows to ensure no persons could access the house without permission or approval. Locking the door means visitors must knock and identify themselves before we authorize and grant them entry.
For extra precautions, we may add extra locks, fences, gates and/or security cameras. Yet, this is still not a 100% solution to the problem. We still know motivated persons may find or create access points into our home… but these physical security measures sure do make it more difficult for these unauthorized individuals.
While we may not think of it the same way, the same concept holds true for our digital security. The more we layer our digital security, the more we increase the effort for cyber intruders to access our devices.
What is Security? It is making the intruders life more difficult
Antivirus is not a silver bullet
There is a general misconception that you can slap on an antivirus and voila! Security achieved. However, antivirus only protects against known malware.
That means, antivirus software can’t protect against unknown malware, new malware variants, other vulnerabilities, or social engineering tactics.
While antivirus may not be a security silver bullet, having antivirus in conjunction with other security measures builds up a more holistic security response. Antivirus software is a critical layer in our defences, but needs other practices to allow us to implement cybersecurity best practice.
Some of the other layers in cybersecurity best practice Clement shared are:
- Anti-virus + Endpoint Detection and Response (EDR)
- Patch your devices
- Beware of Phishing scams
- Stick to trusted websites
- Be cautious in responding to emails
- Download diligently
- Avoid using USB
- Avoid public wi-fi.
Mobile devices are an extension of ourselves
When our mobile phone is compromised, our whole identity is compromised
Now I don’t know about you, but my phone is basically an extension of my arm. *while this is true, this does not guarantee a prompt text response — sorry.
As an extension it follows me where I go, holds all of my important information, and is a direct link into my personal life. Because of this, it means ensuring the security of my phone is vital. While I feel I can safely say that everyone takes precautions to ensure no one can physically take or access their phone, we don’t always think about the ways someone may access it digitally.
To improve the digital security on your mobile phone, Clement suggests:
- Utilising Mobile Threat Defence (MTD)
- Ensure you regularly patch your device
- Password protect with strong and unique lock
- Install a remote wipe application
- Turn off wi-fi and bluetooth when not in use
- Delete applications which are no longer in use
- Be careful while giving permissions to applications
- Do not jailbreak / root your Device(s)
- Avoid public wi-fi.
Internet of Things
We live in an interconnected world, creating a living, breathing ecosystem of devices. Internet of Things are devices or other technology that connects and exchanges data with other devices and systems over the Internet.
While this means your Roomba can be controlled from your phone, the smart fridge can tell you when you’re out of milk, and the coffee machine can be turned on as you arrive home, it also means your coffee machine can be turned against you (and not just by withholding its sweet sweet caffeine!).
To ensure you are safe in your home, for all devices connected to the internet:
- Patch your device(s) — For example, modem, Smart TV, home CCTV
- Configure the security options on devices
- Change passwords every 3 months
- Enable Multi Factor Authentication (MFA)
- Limit exposing devices to the internet
- Disable WPS on wi-fi and Use WPA2 / WPA3.
If a technology cannot protect itself, it will not be able to protect you
