Since its inception, our wonderful connected world has been a battleground for cybercriminals vs law enforcement and security professionals, who are locked into a twisted dance of punches and counterpunches as the arena in which they fight evolves around them. We continue to connect more and more Things, providing new and elaborate opportunities for attackers to launch their weapons of mass disruption.
Not everything is awesome, but you are part of a team!
Somewhere down the line, if you're connected you're going to be (or have already been) affected – whether it's a device you own being pwned, or your account being compromised on a third party system. Cybercrime doesn't care which language(s) you speak, or where you pay your taxes, your data and information have a value either directly or indirectly (I can pretty much guarantee that someone reading this will have at some point re-used a web account password on their corporate network account). As cybercrime naturally transcends traditional borders, a consolidated global effort is required to combat this global foe. And yes, it needs reiterating – We Are All Responsible – you can't reap the benefits of the internet without playing a part in keeping it safe. You don't necessarily have to be an expert either – Team Global Security, which you are a part of (welcome to all of our new members!), has some very strong players in its ranks, and regardless of your level of expertise you do have an important part to play. Awareness, vigilance and frankly Just Not Being Bloody Stupid (yeah I'm looking at you, with the re-used password on your corporate account – go and change it right now, thanks) are all important ways in which you can help the cause.
You have the security industry and profession on your side, and your government too. That's pretty solid backing I'd say. If you've ever uttered the words “the government should be doing something about this” then you'll be pleased to know when it comes to Cyber Security there are multiple collaborative initiatives happening Right Now. “Wow, that IS awesome!” I hear you say. Yes. Very Awesome Indeed.
So what's going on?
As I type this blog, the U.S. are in the midst of the 13th annual National Cyber Security Awareness Month – a joint venture between the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security (DHS). Every week in October has a theme [PDF], covering everything from securing critical infrastructure to how to practice good security habits on your personal devices. If you're of a Twitter persuasion, take a look at the #ncsam or #cyberaware tweets to get information and advice from industry gurus, vendors and businesses. Or if you love our blog (and of course you do), check out the series we have going. And whilst this is billed a U.S. party, Team Global Security can absolutely benefit from the event.
Across the pond in the UK, the big news here is the opening of the National Cyber Security Centre. Whilst many of the NCSC team will operate from GCHQ in Cheltenham, around half of the 700 staff will be based in some rather stunning London offices close to Buckingham Palace.
Via four key objectives, the centre aims to be the beating heart of the Government's strategy for the UK to become “the safest place to live and work online”.
These objectives cover a multitude of areas, ranging from the all-important knowledge sharing through to being front and centre on critical national cyber security issues:
- To understand the cyber security environment, share knowledge, and use that expertise to identify and address systemic vulnerabilities.
- To reduce risks to the UK by working with public and private sector organisations to improve their cyber security.
- To respond to cyber security incidents to reduce the harm they cause to the UK.
- To nurture and grow our national cyber security capability, and provide leadership on critical national cyber security issues.
The centre opening coincided with the launch of a new website, which is an excellent resource for both people and organisations in the UK, and for the wider global audience too.
In Singapore, the government recently announced the formation of GovTech – a new agency established to “transform public service delivery with citizen-centric services and products.” Security naturally falls under the remit of the agency - GovTech will also play a critical role in overseeing the public sector's ICT infrastructure, putting in place policies for critical infrastructure and cybersecurity to enable the operation of a secure and resilient Smart Nation.
No matter whether you're a citizen of the US, the UK, Singapore, or somewhere else entirely, there is plenty of information, advice and best practice sitting at your fingertips. Global issues need a global response, and these initiatives are vital efforts to help us all enjoy this wonderful connected world.
Rapid7 has your back
If you think your organisation would benefit from some cyber security awareness training, maybe it's time to book in a pen test, or you'd like some help with your overall security program - we're happy to help you. Do you need more foot soldiers to help you fight the good fight? Your army of cyber guardians are ready for enlistment [PDF]. Our team is your team – let us know how we can be of assistance.