Crossing the road

Last week I spoke for Jersey Cyber Security Centre (CERT.JE) about the changing threats facing us - from the very active offensive cyber campaign forming part of the war in Ukraine, to the emerging threat from AI tools that can be used for harm as well as for good.

But the important part of my comments was to show that whilst these cyber threats are real, there are sensible steps we can take to respond - we do not have to bury our heads in the sand and hope for the best.

I made the analogy of crossing a road safely. We do basic things like looking left and right consistently and well. We don't make pedestrians wear crash helmets, reduce speed limits to 5mph, or ban people from leaving the house.

However, we also do the basics every time, not most of the time. Look left and right only 99% of the time and you will eventually be hit by a car. Not maybe - definitely.

So when we talk about basic controls - two factor authentication, rapid patching, only running supported systems, basic assurance like The IASME Consortium and the UK Government's Cyber Essentials Plus Scheme - these are not optional, nice to have or aspirational. We can't opt one system out because it's difficult, inconvenient, or the CEO's pet project. This is basic hygiene that that we can't afford to get wrong.

If you're a business and you are running systems without 2FA, operating unsupported hardware or software, more than 14 days behind in your security patching, or sending confidential information such as bills or passwords to your customers by email: my simple message is just stop now. If you can't fix it, turn it off today. And if you can't turn it off? You know you need to fix it today.

That malicious hacker, organised crime group or aggressive nation state doesn't care about you, and they will simply run you over. So look left and right. Do the basics. Every time.

Because we're watching.

And so are they.