With suspicious minds

Business, Technology | Mon 10 Oct | Author – Business & Finance cyber crime

Tech innovation shouldn’t come at the cost of security, believes Colin Larkin.

Over recent years there has been a seismic shift in the way that businesses treat product development. As a society, we are more concerned about the novelty and functionality of a product than its quality and safety.

Whether consumers or manufacturers have driven this is up for debate, but the reality is that in a bid to get the latest invention into the hands of consumers, corners have been cut and quality compromised.

Another fact is that the rise of technology and the demand for ever-more innovative solutions are the fuels that have powered this change in attitudes. The Internet of Things (IoT) has changed the way we interact with the world.

NON-STOP CONNECTIVITY

Whether we’re at work, at home, or even in our cars, we are constantly connected to the internet. To illustrate just how integral IoT has become, let’s look at some quick stats:

  • According to a 2015 Gartner report, 6.4 billion connected ‘things’ will be in use by the end of this year.
  • Furthermore, they estimate that IoT will support total services spending of $235bn in 2016, up 22% on 2015.
  • Meanwhile, a TNS study reveals that the average millennial with internet access now spends 3.1 hours a day actively engaged on their mobile device.

Perhaps this shouldn’t come as any great surprise. After all, there is very little that can’t be done through some application or another on our smartphones. Whether it’s personal banking, turning on the lights and heating before you get home, or hunting Pokémon, the app and Android stores have you covered.

VIVA LA REVOLUCIÓN

This IoT revolution has paved the way for countless market disruptors across almost every industry. No one would ever have imagined that something as simple as hailing a taxi would become such a tech-heavy business.

But Uber and Hailo have completely revolutionised this space. Likewise, for fast food we have Just Eat and HungryHouse, while financial services are struggling to keep up with tech natives such as CurrencyFair and Mint.

Corners have been cut and quality compromised

As a result, businesses and consumers have come to expect a more tailored service at their fingertips. This expectation is pushing both traditional businesses and these disruptors to innovate at an alarming pace, adding new features and streamlining their offerings to enhance user experience.

But this speed to market comes at a cost, and the price being paid here is security. It has practically become a cultural norm to overlook and perhaps even intentionally ignore comprehensively testing the safety and security of software and applications. After all, why would you want to waste time scrutinising an app in the lab when it could be making money online?

A GOLDEN ERA

Sadly, this blasé attitude to security and a lack of policing in technology have been recognised by cybercriminals and cyberterrorists as an area to be exploited.

In recent years there has been a significant rise in cybercrime. In April, a PwC report revealed that it now accounts for a staggering 44% of economic crime in Ireland. Moreover, of those companies affected by cybercrime, nearly one in five incurred losses of between €92,000 and €4.6m.

The Internet of Things, where everyday items are connected to the internet, along with a growing reliance of businesses and consumers on cloud-based technology, all act as potential chinks in our cybersecurity. Hackers have been emboldened to attack companies of all sizes, from local SMEs to multinational behemoths.

And they’re after more than just financial information, targeting consumer data and intellectual property information – the loss of which can devastate a company.

In the past month alone, there have been high-profile attacks on An Garda Síochána, Hong Kong Bitcoin and Oracle subsidiary Micros. Meanwhile, it has been revealed that four out of five of Ireland’s leading retail banks are exposed to a SIM swap attack, whereby hackers gain access to consumer accounts through their mobile banking applications, and 900 million Android devices are prone to a new QuadRooter risk.

BEST OF BOTH WORLDS

Despite all this, I genuinely believe we can have our cake and eat it. We should be able to innovate without compromising the security of our software. It will mean shifting priorities, which in the short term shareholders will likely be unhappy about. But in the long term it will benefit everyone.

To do this we need a multi-tier approach in which government, corporates and consumers all play their part and take responsibility for ensuring the safety of their tech. In the UK and US, positive action is already being taken. Their governments have pledged £240m and $19bn respectively per year for enhancing cybersecurity and protecting critical infrastructure.

At home we are miles behind. The IDA has done a sterling job in positioning Ireland as a European tech hub. All of the top 10 global ICT companies and the top 10 ‘born on the internet’ companies possess significant operations in Ireland.

THE REAL DANGERS

colin larkin

Colin Larkin, Moqom

The digital economy now employs in excess of 100,000 people here, and accounts for approximately 5% of total GDP. Yet all we have is an aspirational strategy, but nothing truly concrete with which to tackle the threats of cybercrime and terrorism.

Ireland must invest in and develop a pro-active cybersecurity strategy

The real danger is that we could lose it all to the likes of the UK and US, who have put the appropriate regimes in place.

Following the UK’s example, Ireland must invest in and develop a pro-active cybersecurity strategy that clearly outlines how the threat of cybercrime will be addressed at government, commercial and consumer levels, setting deadlines for the implementation of specific actions.

Some of these actions might include:

  • The establishment of a dedicated body to govern the tech industry and protect critical infrastructure. The announcement of the National Cyber Security Centre has the potential to deliver this. However, government must ensure that it goes beyond simply complying with EU legislation and gives the necessary resources and powers to the body to improve standards of security in technology.
  • Setting up a dedicated cybercrime unit to disrupt and deter serious cybercrime at a regional, national and international level.
  • Creating a set of security standards that all software products must meet before they can be sold to the market. This will be key in breaking the culture of ‘act now, apologise later’ that currently exists.
  • Where breaches occur, enforcing greater penalties for those organisations that knowingly did not take the necessary precautions to protect their data and their customers. At present, the fines for such violations equate to a soft slap on the wrist, often less than the cost of a comprehensive security system and data protection protocol.
  • Developing certifications that address specific data protection and cybersecurity issues. As with manual handling training, educating employees who interact with technology at any level in an organisation should be obligatory.
  • Educating younger generations on the importance of cybersecurity. In the UK, cybersecurity is part of the curriculum for GCSE students, the equivalent of what is Ireland’s Junior Certificate. Equipping our children with a knowledge and awareness of the importance of protecting their privacy is essential.
  • Collaborating more with other international cybersecurity taskforces to share information and identify potential threats before they have a chance to do any harm.

CORRECT IMPLEMENTATION

As with all other crime, it’s unlikely we’ll ever be able to completely stomp out cybercrime.

Organised criminals will always find new ways to break in and steal from their victims. However, intentionally pushing a product to market or implementing IT systems without carrying out appropriate security checks is akin to leaving the keys in the ignition of your car and writing ‘steal me’ on the windscreen.