by Mark Johnson
Cybercrime and Open Source Intelligence professional
Bring your own device, BYOD. If, like my wife, you've never heard of it before today, you've probably been doing it for a while regardless; taking one or more of your personal devices to work. It could be a phone, a smartphone, a tablet or laptop, and work could mean the office, a virtual office or merely a business trip. The details may differ but the implications of BYOD have long been felt by risk and security managers, from increasing numbers of data breaches to dramatic rises in numbers of malware infections.
The reasons are varied, but here are some of the most common scenarios. You might recognise one or two:
- The device holding unencrypted sensitive personal data (yours or your client's) that gets left behind on the train, plane, bus or taxi, never to be seen again.
- That time when your child borrowed the laptop you take to the office occasionally, and went who knows where on the internet, downloading a virus in the process.
- The matter of the colleague who uploaded client files to Dropbox without authority, in order to work on them from home over the weekend, and then shared the folder online with the wrong person. (Yes, that happens a lot too.)
The list goes on. The point is that, as we each take on the role of personal procurement manager, system administrator and security chief for much of the technology our homes contain, the number of security and fraud vulnerabilities increases in parallel. And you only need to watch the news these days to understand why that's a growing concern. Everything is now online in one sense or another and we are becoming more vulnerable by the hour.
But BYOD is already old hat. Even if it is a hat you didn't realise you owned, it is already transforming into a hat you wear. A bit like Wear Your Own Device. Starting with smart watches that exchange data with your smartphone, and ending who knows where, WYOD isn't the future: it's now. You might not be wearing smart devices yet, but people around you are, or soon will be.
The implications of colleagues interacting with sensitive systems, or attending confidential meetings while wearing a potentially hackable smart watch or pair of glasses are yet to be fully explored, but in a landscape in which even the humble fridge has been hacked and used as a spam server (almost as soon as it was connected to the internet), anything is possible.
WYOD policies and planning are urgently called for. Don't wait until it's the device that's wearing you!
BYOD2? What's that, I hear you asking. Well, it's BYOD on steroids and it's coming to an office near you sooner than you might expect. BYOD2 means Become Your Own Device. The technology has been around longer than most of us realise. For example, the once revolutionary but now relatively humble pacemaker implanted near a patient's heart. This is being surpassed by new innovations such as enhanced vision through the use of retinal implants, or by nanochips (ultra-small microchips) implanted at the back of the eye. Companies in the UK and Sweden have even gone as far as to chip consenting employees in order to control access to key areas and to facilitate paying for cafeteria food without the need for a traditional card.
This won't end here. We are on the cusp of not one but several simultaneous high technology revolutions that will have profound effects on both data security and on the very concept of what it means to be human. Once they become commercially viable, implanted enhancements will rapidly create a new class of cyber-sapiens, mostly flesh and blood, but part-computing technology, leading to a need for new codes of ethics, conduct and security practice, not to mention the social and cultural implications. You thought encountering someone wearing headphones was disconcerting? Just wait!
This is likely to be compounded once genetic engineering really takes off; my grandchildren might be both technologically enhanced and genetically engineered, possessing implanted data processing and storage, and increased longevity. They will look at their grandad, with his retro retinal implants and hearing aids as a quaint throwback to a bygone era.
Meanwhile, increasingly autonomous robotic devices will soon challenge us with other questions about attribution and accountability, as well as individual or corporate responsibility for unintended consequences and due diligence. For the time being though, we need to mull over the implications of a not-too-distant future in which looking someone in the eye and shaking their hand might actually involve looking at an implanted webcam and exchanging personal data wirelessly through a chip in the palm.
Mark is leading a masterclass on 3 December 2015, designed to help organisations like yours stay abreast of the most recent cybercrime risks. Discover what you must do to protect your systems. Find out more about Cybercrime: How to Safeguard Your Organisation.