Music - Moose - www.bensound.com/moose
Intro – Hi, my names Kyle Aitken and this is a short documentary about the problems of Cyber Security at work.
Interview 1 – Hello my names Neil Martin, I don’t know wither that’s the first thing I shouldn’t be saying, given the fact were talking about security. But since you don’t know where I am or where I live, we should be ok at that level. I work as an internet and security specialist, em, I work in mainly the financial sector, but also in various other business areas. Em, I specialize in firewall management, but also web and email access. Eh, and work mainly in the network side to support security of various institutions.
People always get it wrong when they think about security. And they talk about hacking and they use the word cyber, almost, but without fail, in the wrong context. Cyber security is in fact a very broad sweet of controls institutions put in place to make sure that they are not threatened, hacked or attacked, both from outside and inside the organization. In the 21st century, the main problem that most institutions have are not from outside their business, but from inside. The evidence is shown that the majority of data leakage, the majority of fraud and the majority of financial and reputational loss is, has occurred, not because some third party from outside the business has managed to get through the firewall, or manage to attack a pc, or managed to get into a server. More often it is because somebody from inside the business has made a mistake, allowing somebody else to gain access, or has deliberately gained access for their own nefarious purposes.
My job is to do three things, one is to design the network to make sure that it is its least vulnerable, to any form of attack. Two is to identify when an object, or network has been attacked or hacked, or compromised in any way. And the third aspect is to prove what is commonly called the threat surface, em, for a vulnerability has been exposed. That is, yes we’ve been attacked. Yes, we’ve been exposed. What is the exposure. How much data are we due to lose? How much compromise has actually been reached, within our organization? These are the three main planks of any network security, within an organization.
Interview 2 – Hello my names is eh, Jim. I am a security architect for a large financial organization. Em, my job involves looking not at where we are with our feet right now, in terms of the vulnerabilities and flaws that we have, in the cyber warfare that we have with people inside and outside the organization. I look at the threats that are coming in the next eighteen to twenty-four months. So my role is to understand the current position of the organization, the current threats that face us, the position the business is in, and the position the business wishes to be in, in up to 24 months away from us just now. And to make sure that technology and processes is in place to manage the threats that the business will face in that timeframe. And we do this across the globe. So we manage firewalls, we manage anti-virus, we manage, em, remote access into the organization. We manage, em, data leakage, so, data leaving the organization, wither it be accidentally or purposefully. But ultimately my role is to facilitate access into the organization, to allow it to conduct its business. And to do that in a way that is as responsible as possible, in terms of business activity and in terms of cost to the organization. So, items that we have been focusing on recently, relate to, the ability to have data leaving the organization, as I mentioned previously, that is a big topic. There is a, a program coming in from the European union, called GDPR, which relates to how we manage our customer information.