We were pleased to attend the IT Services security event on Thursday 8 November 2018, which hosted a number of interesting speakers from different IT security specialisms. The event provided a deeper awareness of IT security from an insider’s perspective and the essential work that individuals and organisations in this industry do to manage and prevent the risks we face.
The National Cyber Security Centre (NCSC) for example, protects our critical services from attacks in addition to minimising the impact and maintaining continuity should an attack take place. At a more local level, the Scottish Business Resilience Centre was established to advise and empower organisations in Scotland with a greater awareness of the threats posed and offer support and advice should their security be compromised in anyway.
One thought provoking talk discussed the security of a newly built car. The speaker, a graduate of Ethical Hacking from Abertay University, showed how he was able to compromise the physical locking system by conducting a radio frequency attack using specialist equipment and essentially gaining access to the car without using a key. Although it is unlikely to suggest that we may fall victim to this kind of attack, it highlighted how dependent we are on the companies that make our devices being able to prevent such attacks.
Most relevant to us as web developers was a talk from Nick Blundell from a company called App Check. Nick discussed the common technical vulnerabilities that make websites susceptible to attacks by displaying examples of inadequate user input sanitation, which can lead to security issues. In the worse case, a malicious attack could get access to personal information or disable vulnerable systems.
The event also highlighted how we as individuals have a responsibility to be vigilant and take the appropriate measures to protect our personal data as best we can. Think about your passwords, do they need updating? When choosing a password, the longer the better. A 16 character phrase with spaces was suggested by the Scottish Business Resilience Centre. They also advised against using the same password for different accounts.
Overall, we gained a great insight into different levels of IT security, the risks we face and how vigilance is key to protecting our personal data.