I don't want more toys for this year
I want the three kings bring me procedures, professional people and experiences. I'm not going to say that last year was full of toys like appliances or tools but it was, once again, a lack of procedures, methodologies, methods and security policies. Many organizations spend a lot of money in new tools and appliances but they forget of managing these new toys, they may think it's plug&play, once it's installed, everything is OK. However, this is not so, most systems need to be managed for someone, but for professional people who know what they are doing and how they have to do it.
There are some things that we have to take care in this new year:
- Security is increasingly important in Industrial environments because a mistake could kill people and not only lose money. At the beginning, industrial systems was isolated of other networks like Internet, but today, companies are connecting industrial systems to Internet for saving money because they can manage these systems remotely and easily from one unique operation centre. I think, IT engineers and Security engineers should make an special effort to understand industrial concepts and we should work with Industrial engineers together for protecting their environments, not only with toys but with procedures and methodologies as well.
- Many things have Internet today or we can connect many things to something. I mean, many things are interconnected somehow like socks, toothbrush, ball to our smartphone, or the air conditioner and the smartTV to Internet. IoT have a lot of advantages but if we don't protect these things properly we can get a lot of disadvantages too. Starting with SmartCities, there could be many sensors like parking sensors, light sensors or sensors for improving traffic but if we design smartcities without the security concerns we'll get insecure cities. Therefore, it will be a mess, that along with the privacy, we'll have a lot of work to do.
- Cyber-attacks are profitable because we have seen a lot of ransomwares and spearphishing campaigns in recent years and they are increasing. Why? Because it's easy to deploy a malware, easy to cheat someone and difficult to know who is the attacker. Therefore, security awareness is still a must in most companies because the weakest link is the employees, they should know what is social engineering and what to do in these cases. Training employees for security matters there should be an aim for most companies.
We'll see what the three kings bring me this year but the world is crazy today, we've had many unlikely events last year like the elected president Donald Trump or the Brexit and we don't know yet if the information security is in the middle of this mess. As a result, get ready for the worst and hope the best.
What do you want for the three kings? Please, take care of your privacy and your information.