Lately, we’ve seen news stories about cyberattacks on manufacturers of children’s electronics, during which millions of parents’ and children’s personal information, including photos of children, was stolen. One incident involved over six million children’s profiles worldwide, including almost three million from the U.S. As information security professionals, we understand that in cyberspace, there will be casualties. But we have to do our best to minimize the casualties and, most important of all, ensure that they do not involve children.
After the latest breach incident at VTech, we saw experts sharing their technical advice on what we can do as end-users to prevent a breach of our information. So far, the most commonly mentioned suggestions I have seen are: Enable 2-factor authentication whenever it is available; Don’t post anything private; Use strong passwords; and Don’t trust privacy settings. All of these suggestions offer sound advice for end-users. However, kids are kids; and in their innocence, they engage in online activities or use Wi-Fi-enabled gadgets without realizing the potential threats looming on the other end. We can teach them to be safe, but they still need supervision. With all of the intriguing online services, children will be too engrossed in their indulgences and forget about security. I, for one, being a technical advisor and a father of three kids, give advice from the point of view of a parent.
With the advantages of technology comes the need for awareness and education to help end-users understand the perils of the Internet. I think we should start with the parents – the gatekeepers to our kids. We need to start by learning how to protect ourselves, and then our children. Adults/parents/guardians should be educated on how to be "Safe and Secure Online". Security awareness is not rocket science, and as parents, all of us have the responsibility of getting trained. Sometimes this is only achieved by reading the fine print and instructions in a vigilant way, so we can envisage the potential pitfalls that our kids will face. One of the challenges here is the patience required to sit with your children and see what gadgets and online platforms they are exposed to and how they use them.
On the other hand, there are a lot of security issues that end-users can’t control (say, for example, a server breach). Also, the service providers should be taken to task for not ensuring that the necessary controls are in place. Now I will put the ‘technical advisor’ hat back on. As I mentioned before, we understand there are casualties; but we as professionals should take extra care of all the data we collect in our systems, especially when it relates to innocent children. These incidents reinforce my belief in the importance of rigorous efforts in secure software development and cloud security.
I mentioned the importance of security governance in a previous white paper, "Cloud Adoption Spurs Concerns for Infosec Pros in Singapore". Based on findings from the 2015 (ISC)² Global Information Security Workforce Study, when asked what methods information security professionals should employ to offer the greatest chance of elevating cloud assurance, Singaporean respondents see security governance adoption as a way to elevate information assurance in the cloud. Although they rank data encryption as the highest method for information assurance in the cloud, the second most popular method that they trust is adopting security governance, which Singaporeans rank higher than their counterparts worldwide and in the APAC region. Security policy is not about the technical aspects of information security. It is all about defining responsibility and accountability, and structuring policies to ensure that decisions are made in such a way that they help an organisation to achieve an accepted level of risk.
So when trying to figure out what holiday gifts to give to our children, we as parents should look to our hearts and minds. An electronic gadget might stop them from nagging you for a ‘fun’ present and pacify them during the holidays. However, evaluating what is in their best interest is key. Sometimes, for young children, the best ‘toys’ are the gifts of parents talking to them and understanding their actual needs.
As a father and a professional, I think for me, my New Year’s resolution is to be a responsible father and security professional in guarding the future of our children.
I wish everyone happy and safe holidays!
-Chuan-Wei Hoo, Technical Advisor, Asia-Pacific, (ISC)²