The answer’s in the cloud

Alan Jones, co-founder of YEO, looks at recent measures announced to counter cyber attacks.

Last week saw Data Privacy Day in Britain, and simultaneously Business Secretary Greg Clark announce measures for the UK to become a world leader in the race against some of the most damaging cyber security threats. As  the co-founder of YEO, a private messaging app, I’ve watched eagerly as these new announcements develop. The new government initiative has indicated that funds are targeted at hardware development, which will help to reduce the risk of cyber attacks.

We now live in a world in which most of our daily interactions are made online, and there is more concern than ever about how our privacy and personal data is protected. A survey we commissioned this month revealed that 57 per cent of UK consumers have avoided sending certain information over messaging platforms due to privacy concerns.

Privacy is something we are born with the right to, and yet is something we are losing at a rapid rate. The government’s pledge to help is certainly a step in the right direction, but the question is, is this the right move? Is it enough? While hardware restrictions such as reduced port access and pre-configuration will definitely help, the government has to better understand how a cyber attack is able to manifest itself.

Access routes
Cyber attacks require “access” to a network, and further access to the storage within the network. Access is sometimes gained by a process called port knocking, where the offender externally opens ports on a firewall by generating a connection attempt on a set of prespecified closed ports. Here, hardware design with dynamic firmware can certainly aid prevention. However, in today’s business and home environments, there are a multitude of access routes to the network.

The government announcement touches on IoT and Home Control products, and the latter in particular adds to either a home or business vulnerability. (IoT products are generally only equipped with RFID emitters and have little or no capability beyond acknowledging what they are and possibly an on or off function.) Home Control systems however, like Crestron, Control4 and Savant, use sophisticated CPUs, which enable, and can control, network environments. This is where legislation should be required to insist on restricting their access or enhancing their security.

The government’s report highlights that 40 per cent of UK businesses have experienced a cyber security breach or attack in the last 12 months, so it is vital that businesses and consumers benefit from increased security and protections built into digital devices and online services we use every day.

Unilateral approach
The fact is that in a business network, you have so many areas of vulnerability: software, hardware, USB devices, and mobile phones, all capable of executing malware which is able to enter and attack the network. Only a unilateral approach through discipline and education of staff, alongside further developments in hardware, will reduce the likelihood of attack.

Moreover, the more companies which adopt a BYOD (Bring Your Own Device) policy to smartphone users and allow wi-fi access, the more difficult it will be to control any potential threat. If companies were to insist on employees only using cloud-based social and messaging systems, which do not permit file downloads that could be carrying malware code, safety will be greatly heightened. Messaging products where content is not only cloud-based, but users are unable to forward, save or screenshot attachments, prevent any form of contaminated file being executed on the phone to attack the network.

These types of policies, together with better education of personnel, more disciplined procedures and cloud-based policy for communications, should all be included in the governments vision, and funding should be allocated across a broader area than simply hardware, to have a significant effect on reducing vulnerability.