Rob Norris tells TechWeekEurope why education could play a major role in providing the security specialists of the future
It seems that every pasing week brings news of another major company hit by a cybersecurity attack or data breach – so why is it that, even with this amount of attention and investment in IT departments, it still happens so much?
TechWeekEurope spoke to Rob Norris, Fujitsu’s director of enterprise and cybersecurity, to get his thoughts on the current threat landscape and how companies can best safeguard themselves.
“Cyber-security should no longer be seen as an IT department issue but one that extends from the user to the boardroom…it’s everyone in the company,” says Norris (pictured left) at the Fujitsu World Tour event in London.
Norris says he was shocked at the state of the security landscape following a five-year absence, as he realised most of the protective technology in place was still the same as when he left, meaning many companies were significantly at risk.
“What struck me was that, although these technologies are all still there, they simply aren’t enough any longer,” he says.
Another issue is the fragmentation of security services, as many in-house specialists now just look after a single aspect, meaning they no longer have a holistic view of the entire process.
“You need someone that sits across the top that can actually analyse all of the different information and actually predict what’s going on from a threat intelligence perspective.”
The company has a significant cybersecurity presence in the UK, where it employs 220 security specialists, many of whom are in its SOC (security operations centre) in Warrington – one of five Fujitsu centres across the world.
And with over four decades of experience, Fujitsu knows what it is talking about, Norris says, especially when it comes to existing threats such as spam and malware.
“It’s pretty easy now for users to be fooled into opening emails, especially if you’re not computer-literate,” he says, noting that often it is simple carelessness.
“People think it will happen to someone else…it happens so much that people have just gotten used to it.”
The rise of bring your own device (BYOD) programs in many organisations has also raised the risks of individuals being targeted.
“If you see the amount of information that is out there right now on any individual, using social media – we’re making it easy, in some instances, for people to (steal data),” he adds
But recent hacks have also seen the rise of younger hackers, familiar with the technology, being able to manipulate and use it for their own gain. These young talents are an untapped resource, Norris claims, and one we should pounce on before it is too late.
“Kids play, they have inquisitive minds – they’ll test boundaries as to what they think they can get away with – and what they can’t.”
This education needs to begin at schools, Norris believes, as children as exposed to technology at an extremely young age, giving them a major head start over others, with children as young as five being able to learn about the effects of their activity online.
“If you try and educate them when they’re GCSE age, it’s probably too late – it needs to be at a very early age…we’ve got to go to kids when they’re younger.”
Looking ahead, Norris highlights a big upswing in phishing and malware attacks as the major threats facing businesses today.
But today’s threats also evolve and develop like never before, meaning everyone needs to stay alert when anticipating an attack. More sophisticated, personalised and targeted attacks are also affecting more people than ever before, as users struggle to identify threats that are disguised as legitimate-looking emails or attachments.
“You’ve got to keep a consistent eye on it,” Norris says. “[staying secure] is starting to get really difficult.”
He also notes the growth of banking Trojans, as certain sectors such as banking and retail are increasingly targeted by criminals, and how Fujitsu is aiming to be more proactive than reactive in trying to identify threats before they happen.
“A lot of organisations are acting in isolation – what we need to do is make them aware that you need to pull the information together and get different data feeds to stay current – otherwise you become out of date very quickly.”
Biometrics is also a field of interest for Fujitsu, as the company has made big investments into the technology, but Norris warns mass adoption is still a few years away.
“The technology is more secure than it has ever been,” he says, noting that a swing in public opinion means that more people would be willing to use biometric identification today, thanks mainly to the likes of Apple’s TouchID technology.
Although there are still question marks of how and where user information is being stored or secured, as more and more people who have grown up with the ‘digital world’ become consumers, the technology is now widely accepted.
Fujitsu is now working on putting its PalmVein biometric technology into car doors, front doors and even ATMs, showing that the future could be closer than we think.
“We’re getting a lot of interest,” says Norris, “we’re probably two or three years away (from mass adoption)…this stuff is real, now all we need to do is connect with businesses to show them how they are going to use it.”
“It’s a pretty exciting business to be in, to be honest!”
Are you a security pro? Try our quiz!