What’s my vision? My purpose here at The Last Citadel is to take Cyber Security topics, which are often lengthy and highly complex, and turn these into easily digestible Info Bytes that allow anyone with little or no Cyber Security knowledge to dive in and understand how Cyber Security works.
Cyber Security and Cyber Safety are extremely interesting topics and I’m very excited to share my journey and experiences with you.
Let me start by stating that I believe Cyber Security skills are essential for every individual and organisation and they are a requirement that can no longer be ignored, or remain unchallenged. Whether you use a variety of software and hardware, at home for example, or you are involved in their design or implementation within an organisation, Cyber Security skills are essential in keep you and any organisation that you work for, or run, safe.
By using a combination of my experiences and the content that i post here, or via other channels like LinkedIn, i will help you to improve your core Cyber Security skills over time. You will become more familiar with Cyber Security topics, as will I, and at some point we will be able to access and understand some of the more complex components of the Cyber Security world.
Technology & Security
Technology plays a fundamental part of everyone lives in todays ever-connected world, whether at home, in the office or on the beach.
There are billions of individuals and tens of billions of devices (Laptops, Desktops, Tablets and Mobiles and more), increasing exponentially with every year that passes. Due to the lack of knowledge people have on how to safely operate the technologies they use, this creates substantial risk to individuals and organisations everywhere. Unfortunately there are people waiting at the other side ready to take advantage of that situation, for a variety of reasons. I’ll discuss the various reasons throughout my site.
The focus on Cyber Security for the benefit of the individual or the organisation isn’t where it needs to be. Individuals and organisation alike are struggling with the rapid pace of technology, standards and best practices. People are extremely busy, deadlines are tight, budgets are even tighter, there might be a little ignorance thrown into the mix also, but neither of these points are contributing to a safer world. A lack of funding or knowledge relating to Cyber Security is creating the perfect conditions for a race that will ultimately be lost.
Proactive Cyber Security, rather than reactive, is key (If we can get there!) and i want to foster and nurture that change in you, in all of us. Proactive means using security tools to identify a malicious attack before it happens and reactive is the messy end after the fires are roaring.
When it comes to either yourself as an individual or an organisation under threat from a Cyber Attack, theres very little that you can do at that point. Once the bad guys have you in their sights or have gained access to your systems, networks or data, the damage has already been done. Theres no going back at this point.
Having an extensive I.T background and having being involved in the cleanup work from a Cyber Attack, this is a highly stressful situation to go through and it really does take its tole on everyone involved. You’ll want to avoid this at all cost.
Cyber Security needs to have a bottom-up approach starting with people, rather than the top-down approach adopted by most leading companies and brands around the world. All it takes is for one individual to download a malicious file, click on a malicious URL, or it could even include a misconfiguration on an Internet facing server or web application during implementation. Once the door exists, it will be found and exploited and all of the security in place at that moment is rendered inert.
Security solutions and controls are built mostly around threats that have already been identified, anti-virus signatures or definitions for example, as it is impossible to predict the unknown or unseen. Cyber Security threats that have never been seen before, or that potentially work in a different way, might also evade the security controls that you use or manage. Its a point worth keeping in mind…
“Companies spend millions of dollars on firewalls, encryption and secure access devices, and it’s money wasted; none of these measures address the weakest link in the security chain.”
Kevin Mitnick
The Weakest Link
Basic Cyber Security skills, hygiene and know-how will enable you, your family or your organisation to understand the types of technologies you encounter, which features or standards they use, how those systems and standards can be abused and how to mitigate the risk as best as possible.
Due to the complexities involved with Cyber Security, technology and how quickly technology naturally evolves, it is vital to remember that no system, application or combination of technologies is 100% secure, despite what the manufacturer or vendor may say! You should therefore take every precaution wherever applicable and apply any security measures available to you.
A combination of the human element and the lack of Cyber Security knowledge, Cyber Hygiene or training, is the weakest link in the chain.
“As humans, we are of course imperfect. Therefore, its logical to state that all systems designed by humans, are also imperfect.”