Sony crisis: The role of education in fighting cybercrime

Late November 2014 was an embarrassing one for Sony Pictures. Attackers infiltrated the computer network and masses of confidential information was leaked to the public. For the media the choices on reporting were endless: which leaked document to report on? Who was responsible? How could Sony have let this happen? As the speculation continues, the US and UK government have been forced to take cybersecurity measures and are rolling out cybersecurity proposals.

Royal Holloway, University of London was one of the first UK universities to focus on information security (InfoSec). In the wake of the Sony hack, we catch up with Professor Keith Martin, Director of Information Security Group for his thoughts on the role of education in tackling cybercrime and the biggest threats we are facing today.

How important is it that we train more InfoSec experts?

It is crucial that we train more people to be aware of the risks in cyberspace and to better protect ourselves against cyber threats. We certainly do need more cyber security experts, but we also need everyone in the population to become a bit more expert at dealing with the basics of cyber security. The "cyber security skills gap" that many refer to is not just about training more experts.

What are the big threats?

The biggest threats that we face arise from the increasing connectivity of everyday technologies. Our homes, our cars, and almost all the technologies that we use on a daily basis are increasingly connected to the internet. Likewise the backbone infrastructure such as power stations, hospitals and transportation systems are increasingly intelligent.  It has thus become possible for a remote attacker to target many aspects of our society that previously required physical access. We could face many problems if we don't provide sufficient cyber security for all these technologies and networks. We also face potential changes to the level of privacy that we achieve in society since all these technologies have the potential to gather very personal data about our lifestyles.

Can we really protect successfully against the bad guys given the scale of government?

One of the problems in cyberspace is that it is very hard to determine who the "bad guys" are. Indeed the Snowden revelations make it very unclear the extent to which "government" has been acting as a defender in this regard. I do believe that it is possible to build a cyberspace that provides the functionality that we want and is sufficiently secure that we trust its use (to an extent we have elements of this now, but much of it is under strain), but there is no guarantee that this is the future that will eventuate. There are many complicated choices that we will have to make along the way in order to achieve this.

What's the role of education and academia?

As in any aspect of life, education is important, and academia as an educational provider has a significant role to play.

Are current degrees and qualifications fit for purpose in the new era?

There are already a good range of degrees and qualification that specialise in cyber security. What needs to change is for appropriate education in relevant aspects of cyber security to feature in more general education. For example, management degrees probably do not currently equip graduates with enough understanding of cyber security to prepare students for the cyber security issues they will face in their professional employment. Many computer science degrees do not yet contain a sufficiently strong cyber security component.

Is it too much to say that we are entering a new Cold War but one that is virtual?

I don't think this is a helpful or meaningful analogy. The Cold War was an ideological political standoff between two identifiable opponents. Many of the threats that we face in cyberspace come from non-state actors, acting for a myriad of different reasons (many for purely financial gain) and are very hard to attribute.

Do you think businesses are taking cybercrime seriously enough?

Some are, some are not. There have been enough high profile incidents in recent years to make it barely credible that a business would not take cybercrime seriously.

What are your predictions for cybercrime in 2015?

More of it! And much more cybercrime targeting mobile phones. As phones increasingly become our personal computing devices, and as we do more financial transactions using them, they present themselves as a highly attractive cybercrime target.


« Typical 24: Tommy Petrogiannis, Silanis


Keepod Africa: Computing access for all? »
Ayesha Salim

Ayesha Salim is Staff Writer at IDG Connect

  • twt
  • Mail


Do you think your smartphone is making you a workaholic?