With all the new stories about personal data being compromised by companies, IT Security continues to be topic. We recently spoke to Tim O’Neill, who is now Head of Security at Turning Point, to give us a real insight as to why security is so important.
Tim went into security after his first job in Banking Systems. The role was mixed with IT and Security. “We started to develop security as methods were changing. I have approached security from different angles in the past, from technical to personal perspectives. I always took it very seriously and the progression of roles has led me here. I was the Assistant Director of IT, then Head of Security and IT, so it involved looking after two roles initially.”
Security is quite varied, it encompasses the whole business and primarily looks for areas of vulnerability where information can be compromised. “There are specialist areas in security such as database, web, mobile app and network. I look at all those areas, but I also look for much more; I look at whether the recruitment is done properly such as checking whether people have criminal records, policies, procedures and methods of working. It’s all about using your eyes and ears in technology because people are the weakest point often through no fault of their own. They have access to many business resources which makes them the first base of trying to hack a system, known as social engineering.”
There is always the risk of an individual pretending to be a part of a help desk or a colleague in need and hackers rely on being given more information than they should.
This isn’t uncommon. It has happened to many of companies, one example was a financial services company, who were hacked by an email. “An email came into finance with a spreadsheet attached and it was supposed to be next year’s bonuses. Finance opened the email because they wanted to find out more information, and once the email was clicked on, 40 million customers’ information was stolen and the hackers were able to figure out the pin codes to compromise the systems.” Tim explained how in the past you were able to use firewalls and antivirus to prevent hackers, but now there’s a need for more than just that. Employees should only have access to the data they need in order to do their job, and their job only – this ensures no one has access to too much data making the individual less of a data leakage risk.
The demand for security is increasing, and we asked Tim why that is. “The tools have changed. 20 years ago, hacking in general was quite targeted, they were against a company and infrastructure. Nowadays, if you go onto the web, you can buy hacking tools that run on Windows and with one click, it’s just as easy as buying normal software. Anyone can buy it, there are upgrades available and now the hacking world is open to many more people. You can use YouTube to learn how to use the tools.
Originally hacking was used to leak information and embarrass organisations. Now it’s about charging an individual or a company money to have their compromised files unencrypted. Hackers have actually found methods to make money directly from the victims of hacking which has led to a massive change in the market.”
We asked Tim how someone can get into the field and what employers specifically look for in candidates.”I look for mindset as you have to think ahead for potential problems. An example is being in a coffee house. The data from the laptop which connects to the router is often unencrypted and it only encrypts when it links to a website. Somebody could pretend to be the Wi-Fi hotspot, and can then steal information as they go along. You need to be able to think about how people can take advantage of what you’re doing or what the business is doing. This is very important as most businesses have invested a lot of money into their infrastructure, their people and their processes. We are looking for a certain type of intelligence when it comes to security work and there are different aspects to it. Sometimes we need someone who will understand down to a code level exactly how the hacks are working.I recommend an ethical hacking course so you can start to learn how hackers think.”
Security is highly important nowadays which is why it’s interesting to know how employers can help identity theft. “Organisations have got to get their fundamentals right. Even just simple things like having computers facing away from customers, because you never know who could pick up on the information and use it to steal data – it’s a zero cost fix, but the biggest vulnerability is the people. Keep employees happy and they will be less likely to compromise you willingly, make sure they can’t access what they shouldn’t and they can’t compromise you fully.”
Are you looking to progress your career and get into security? We have a number of security roles available to you. If you would like to find out more information on the type of roles we offer, give us a call today on 020 7426 9835 or visit our website at www.jitr.co.uk.