The former head of cybersecurity for the British Army believes the next big cyber threat comes from Russia – as well as blockchain technology.
Jonathan Shaw CBE, who was recently listed in , sat down to discuss secure digital practices with .
Asked where he believes the next big attack will come from, he says: 鈥淪ecurity of cyberspace is an insecure medium – so much so that the Russians actually hacked into the NSA’s (US National Security Agency) database and found all of the backdoors.聽
鈥淎nd so, the Russians have a whole list now of backdoors they can exploit – we should expect exploitation.聽
鈥淭he other thing that’s immediate is that everyone’s getting really hooked on blockchain technology as if it’s some kind of panacea and totally secure. It’s not. It has back doors, it has been hacked.聽
鈥淭his idea that suddenly blockchain makes cyberspace a secure environment is complete nonsense. Watch out for that longer-term.鈥
China
He then points to 鈥渕ore a cultural question鈥 which unsettles him in the form of China.
鈥淲e’re in an era of strategic, fundamental change. We have lived in the era of what some people call [the] United States鈥 digital colonialism,鈥 he explains. 鈥淭he United States has developed the technology, and the technology embodies Western values. So, we in Britain haven’t been too concerned about it.聽
鈥淏ut as the Pentagon’s head of cybersecurity said on his retirement, 鈥榳e’ve already lost the artificial intelligence battle, China is going to win that鈥.聽
鈥淎nd so, what we’re seeing now is the start of the Chinese digital colonialism, and that’s going to fundamentally change the assumptions on which software is written.聽
鈥淭hose cultural features are going to really dominate us as we move into the AI era. To me, culturally, I find it very unsettling.鈥
Tips for staying secure
Organisations wanting to protect themselves against cybercrimes should remain 鈥榠nvisible鈥, he advises.
“When I talk about protection, everyone talks about 鈥榮hields鈥 and 鈥榮late blocking鈥. But to take a military analogy, if you look at how to defend a vehicle against attack, there are seven layers of defence and only one of them is actually a physical block,鈥 he says.
“I’d encourage people – particularly in the SME world – don’t get spotted, be invisible. The cyberspace is an insecure medium, it’s a dodgy place to be – if you can get hacked, you will get hacked. It’s a certainty. So don’t minimise your presence on the web: minimise your exposure.聽
鈥淒on’t go bragging about yourself unless you really have to. Now, I know that works against advertising, but be aware that the more you put yourself out there in the public space, the more you’re setting yourself up as a target.聽
鈥淭he second point is: prepare to be hacked. You know you’re going to be hacked. The more successful you are, the more likely you are to be hacked. So, prepare for it. There are all sorts of great systems so create resilience, create redundancy, train your people and prepare to be attacked.
鈥淎nd the third thing is: it’s not just you and your organisation, it’s your supply chain. Insist on similar disciplines of your command chain, all fairly simple stuff.聽
鈥淪o, minimise your exposure, prepare to be attacked, and make sure your supply chain also abides by good cyber hygiene.鈥