Confident Cyber Security
To FC, thanks for being on my team at home and at work.
And, to everyone in the cyber security community, including those of you who are just joining us: let's keep learning, sharing and making the world a safer place.
Many people have helped and supported me whilst writing this book and I'm grateful to each and every one of them. First and foremost, to my husband FC, for his enormous help and support, not just in writing this book, but in everything I do. He's my biggest champion and I'm grateful for that every day. I'm lucky to have a wonderful family, thanks to my Mum and Dad, Sue and Richard, and my brother, Danny, and his wife, Lucy. And, of course, Bubble the cat has been an unwavering cheerleader.
Thanks to the team at Cygenta, not just FC but also Madeline, Richard, Natalie and Dave, for being so helpful, and so patient, while I've been juggling this and the business. Thanks to all of my lovely friends, including those on Twitter, who have cheered me on from the sidelines. I've already mentioned Natalie, one of my oldest and dearest friends, so I must thank the others, or I'll be in trouble. Catriona, Aleyna, Laura and of course Kat, who started me down this path (I've just about forgiven you!).
This book features many amazing contributors and I really appreciate everyone who has shared their stories and their insights. Thanks to my fellow board members, and the whole membership, of ClubCISO for their moral support. In particular, I would like to thank Rob Bainbridge for sharing his time and expertise. I am grateful to Professor Peter Batey, whose red pen and counsel have continued to stand me in good stead ten years after finishing my PhD.
Special thanks to my editor at Kogan Page, Rebecca Bush, whose patience, professionalism and positivity throughout have been instrumental in completing this book. I'm grateful to the whole team at Kogan Page for making this book possible.
And, finally, to Yorkshire Tea. I could have done it without you, but it would have been much harder.
You can't work in cyber security unless you are very technical.
Users are the weakest link in cyber security.
Hackers are all criminals!
Cybercrime is targeted. It's only the concern of governments and big business.
No one would target me; my data is not worth anything!
These myths, and many more, plague cyber security. In this book, we will see why all of the above statements are false. We will demystify cyber security, and show the breadth and depth of the field; how it encompasses not just computer science, but also psychology, sociology, physical security, behavioural economics, marketing, design, education and much, much more.
Cyber security is a topic that cuts across pretty much every area of life. Government, healthcare, politics, fashion, sports, the media, big business, small business, charities, education: you name it, it is affected by cyber security. It is a fascinating, challenging, fast-paced field that changes every day, but at the same time is concerned with issues that have been a part of human life for centuries. In the last few years, awareness has grown phenomenally. Cyber security issues make national news on a seemingly daily basis, and it has become a boardroom and household subject of conversation.
Having been working in this industry for nearly ten years, I've witnessed this rise in awareness alongside a growth in understanding of the diversity of the topic. I have always worked on the human side of cyber security; I am passionate about raising awareness of cyber security, positively influencing people's behaviours online so they operate in a more secure way, measuring and advancing organizational cyber security culture, and translating technical messages for a non-technical audience. When I started in the field, this was very much a niche area of the industry and I would frequently have to explain to my peers in the community what it meant to work on the human side, and why people are an important dimension of this field. That is no longer the case: working on the human side of cyber security has become pretty mainstream within the industry. There has been an explosion in understanding that people are a fundamental part of cyber security, whether from the perspective of analysing the motivations and profiles of cybercriminals to designing security products to be more user-friendly, from recognizing what makes us so susceptible to social engineering to how we can better communicate cyber security messages to be more mindful of pedagogy.
When I was a teenager in the early 1990s, first experiencing the internet, I would never have expected that I would go on to have a successful career in a technology field, let alone the field of cyber security itself. This was, understandably, not even remotely on the radar of my school's career guidance professional. I was interested in technology, a little, but I didn't think I was capable of a career there. I was more interested in people, and disciplines related to understanding themes of society: history, English literature and sociology.
Later, having finished my PhD and not knowing what to do, I was headhunted by a cyber security consultancy. I had no idea what cyber security was or how someone who saw themselves as non-technical could be relevant to the field, but I was keen to find out. The UK Government had not long since released their strategy on cyber security and it was obvious that it was becoming more of a priority for them. The role was to involve carrying out cyber security assessments of organizations, and interviewing people about how they work with technology and understand risk, so the skills I had developed during my academic career were relevant. I was ready for a change, and excited to learn something new, so I took the job.
Entering the field of cyber security is a steep learning curve. However, what I immediately loved about the subject is how much there is to learn and how new challenges can emerge every day. This is one of the many things I still love about working in this industry: no two days are the same and being bored isn't much of an option. I quickly began to understand how my work before entering cyber security was relevant: people are easily as central to this discipline as technology.
The history of cyber security
The history of cyber security starts many years before the invention of the computer. Encryption, a system of encoding data to prevent prying eyes from reading it, is often assumed to be so entwined with computers that we can forget that this cornerstone of cyber security is thousands of years old. It is claimed that Histiaeus, a Greek ruler in the 6th century, tattooed a military message on the shaved head of a slave before waiting for the hair to grow back and sending the slave to his ally with a message to remove his hair and read the secret missive.
Julius Caesar is credited with inventing one of the first encoding systems, aptly called the Caesar cipher or Caesar shift. The Caesar cipher is very simple compared to the encryption mechanisms we have in place now, but at the time was revolutionary. It is a substitution cipher in which each plaintext letter of a message is replaced by a letter a fixed number of positions down the alphabet. So, with a rotation of four to the right, A would become E, B would become F and so on, wrapping around from Z back to A. For example, if we encode the words 'shift example' with a shift of four to the right, they become 'wlmjx ibeqtpi'. This is illustrated in the wheel below.
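The shift described above, written out as an added example (it is not from the book): `caesar` reproduces the 'shift example' encoding, and `recover_shift` goes one step beyond the text to show why so small a key space protects nothing today. The function names, sample message and word list are constructed for illustration.

```python
import string

# Constructed sample message and word list (not from the book).
SAMPLE = "meet me at the north gate at dawn and bring the sealed letter"
COMMON_WORDS = {"the", "and", "at", "me", "to", "of", "in"}


def caesar(text: str, shift: int) -> str:
    """Rotate each ASCII letter `shift` places to the right, wrapping at Z.

    Case is preserved; spaces, digits and punctuation pass through unchanged.
    A negative shift rotates left, which is how a message is decoded.
    """
    out = []
    for ch in text:
        if ch in string.ascii_letters:
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def recover_shift(ciphertext: str, words=COMMON_WORDS) -> int:
    """Try every rotation and return the one that yields the most common words.

    Only 25 useful keys exist, so trying them all is instant.
    """
    def score(shift: int) -> int:
        candidate = caesar(ciphertext, -shift).lower().split()
        return sum(word in words for word in candidate)

    return max(range(26), key=score)


if __name__ == "__main__":
    print(caesar("shift example", 4))    # encode with a shift of four
    print(caesar("wlmjx ibeqtpi", -4))   # decode by shifting back
    secret = caesar(SAMPLE, 4)
    print(secret, "-> shift", recover_shift(secret))
```
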