Today's issue of the UK cyber security strategy coincides with a dinner I went to earlier in the week. At the dinner a security expert demonstrated various types of electronic surveillance, including a £50 GSM bug that can be left under a table and will call a programmed number whenever there is a conversation in the room, relaying the conversation. We also discussed the capabilities of systems like the (mythical?) Echelon system, which can filter information needles from data haystacks. Hackers are one thing, but this stuff is truly scary.
This got me thinking about my own antennae for cyber security risks, and what questions a CIO should be asking about the security of their information:
- For each of my major customers, suppliers and other organisations I do business with, how useful would it be for them to know what I know?
- Would they go to the lengths of using electronic surveillance to find out what I know?
- How capable would they be of finding out? Are there people or organisations that would help them?
- If they did (or already were), would I have any means of detecting this?