The former head of cybersecurity for the British Army believes the next big cyber threat comes from Russia – as well as blockchain technology.
Jonathan Shaw CBE, who was recently listed in The Official Top 16 Digital Disruption Speakers to Book for 2022, sat down to discuss secure digital practices with Mark Matthews.
Asked where he believes the next big attack will come from, he says: “Security of cyberspace is an insecure medium – so much so that the Russians actually hacked into the NSA’s (US National Security Agency) database and found all of the backdoors.
“And so, the Russians have a whole list now of backdoors they can exploit – we should expect exploitation.
“The other thing that’s immediate is that everyone’s getting really hooked on blockchain technology as if it’s some kind of panacea and totally secure. It’s not. It has backdoors, it has been hacked.
“This idea that suddenly blockchain makes cyberspace a secure environment is complete nonsense. Watch out for that longer-term.”
He then points to what he calls “more a cultural question”, one that unsettles him: China.
“We’re in an era of strategic, fundamental change. We have lived in the era of what some people call [the] United States’ digital colonialism,” he explains. “The United States has developed the technology, and the technology embodies Western values. So, we in Britain haven’t been too concerned about it.
“But as the Pentagon’s head of cybersecurity said on his retirement, ‘we’ve already lost the artificial intelligence battle, China is going to win that’.
“And so, what we’re seeing now is the start of the Chinese digital colonialism, and that’s going to fundamentally change the assumptions on which software is written.
“Those cultural features are going to really dominate us as we move into the AI era. To me, culturally, I find it very unsettling.”
Tips for staying secure
Organisations wanting to protect themselves against cybercrimes should remain ‘invisible’, he advises.
“When I talk about protection, everyone talks about ‘shields’ and ‘slate blocking’. But to take a military analogy, if you look at how to defend a vehicle against attack, there are seven layers of defence and only one of them is actually a physical block,” he says.
“I’d encourage people – particularly in the SME world – don’t get spotted, be invisible. The cyberspace is an insecure medium, it’s a dodgy place to be – if you can get hacked, you will get hacked. It’s a certainty. So don’t minimise your presence on the web: minimise your exposure.
“Don’t go bragging about yourself unless you really have to. Now, I know that works against advertising, but be aware that the more you put yourself out there in the public space, the more you’re setting yourself up as a target.
“The second point is: prepare to be hacked. You know you’re going to be hacked. The more successful you are, the more likely you are to be hacked. So, prepare for it. There are all sorts of great systems, so create resilience, create redundancy, train your people and prepare to be attacked.
“And the third thing is: it’s not just you and your organisation, it’s your supply chain. Insist on similar disciplines of your command chain, all fairly simple stuff.
“So, minimise your exposure, prepare to be attacked, and make sure your supply chain also abides by good cyber hygiene.”