Cybersecurity starts with the weakest link – the user
- 23 April, 2018 09:37
When the user is the weakest link, it requires a multi-disciplinary approach to tackle cyber security.
That’s according to Giovanni Russello, Associate Professor at Auckland University, who heads its Cyber Security Foundry, which draws expertise from a number of departments including law, psychology and electrical engineering.
“When you are in front of your machine there are some behavioural aspects that ‘bad guys’ can try to exploit to get into the system, with phishing attacks for instance,” he says.
“The problem nowadays is that we are so overloaded with multi-tasking, that sometimes we become less careful when we are browsing and clicking emails, and links within emails. So, one of the ideas is to see if we can use behavioural analysis to see if we can detect if people are overloaded and see if we can do something to make them aware they are tired or experiencing some kind of fatigue [and] that they should pull back and be more careful.”
He says they are also looking on the “technical side” to find a way to automatically isolate the machine from the network when user fatigue is detected. It is technology already being developed for smart cars.
Russello came to the University of Auckland six years ago and after noticing a gap, he began focussing on cyber security. He offers courses for fourth year students, and a post-graduate Masters programme but he’d like to see cyber security offered earlier in computer science programmes.
“You have to code with security in mind,” he says. “It is not just an add-on, it’s not like you deliver and then maybe we discover there are some bugs and maybe we try to solve it. It’s already too late, that’s when problems are real, and that’s what we should avoid.”
His ambition for the Cyber Security Foundry is to forge greater ties with industry and he is looking to create internship programmes with companies. Currently many of the brightest students are being employed by telcos, some while they are still studying.
When asked if iOs is more secure than Android, he says there is no difference. He was once part of a start-up involved in creating an Android security solution, but Google bought out a competitor and made the solution part of the core offering, thereby destroying the business model. (As an aside the only social media he is active on is LinkedIn, for professional reasons).
When Minister for Communications Clare Curran launched the Wellington branch of the Cyber Security Foundry earlier this month she noted that in 2017, New Zealanders reported losses of over $5.3 million from cyber incidents. Curran has announced a refresh of New Zealand’s approach to cybersecurity, releasing two cabinet papers detailing her proposed approach.
The paper says there is potential for New Zealand to be recognised globally for its ability to manage the cybersecurity risks. According to the Genome Startup Ecosystem report 2018, the most significant Cyber Security Ecosystems are in the US, Canada, Holland, Germany, Czech Republic and Israel. Russello says there is also excellent work being done in China, which is not highlighted in the report.
He notes that the top academic conferences feature papers from Chinese institutions and that the Chinese Government is investing hugely in this area. This is in contrast to his experience in New Zealand, where the Government remains very focussed on agriculture and perishable goods.
“If I go to for a grant [to Ministry of Business, Innovation and Employment] with a cybersecurity idea, I have to compete with the people who want to make wine, a better sheep or a better cow,” he says.