15 minute podcast – We share our passion on cyber security

15 minutes for a podcast is perfect! It’s not too long, not too short and we got to share the most important things. Last month we did an in studio recording with Teknisk Ukeblad , a popular Norwegian magazine.

The podcast is in Norwegian and can be listened to here:

In essence we got to share several important aspects of our ideas and concepts, and they are summed up below.

They wondered why we choose the name River Security. For us, it is all about upstream thinking, solving problems where they manifest, instead of solving the symptoms.

Next is a quick section on the general security of Norway’s far stretching country, how well are we really secured? Chris Dale makes claims that unfortunately things are not looking too good, it’s actually pretty bad in many places. Why is it so? Part of it, Chris said, is due to the naivety of people in general. There’s built-in trust in people which may support trade between businesses really well, but it’s a double edged sword as this trust is often misplaced in scammers and fraud schemes online.

Businesses are often adverse against taking on risk in terms of patching and keeping systems up to date in terms of security. Perhaps they shy away from patching and updating because they can’t set their priorities straight, or because they’ve tried to update something before, it failed and they won’t try again. Unfortunately, many businesses are impacted today because they’ve got less than par information security.

Nation states are also attacking one another, even among friends there’s countless acts of digital attacks. Information is everything in 2020, and that’s what they’re often trying to steal. It could be stealing technology, i.e. industry espionage, or just trying to compromise assets to seek intelligence against one another. Cyber espionage is absolutely real!

We discuss legislation and new rules regarding surveillance of Norwegian citizen. The discussion on whether or not mass surveillance is the solution or not was brought up, something Chris feels is the wrong solution to the problem. Technology moves so fast, and the legislators and politicians can’t keep up. Heck, barely technologists themselves can keep up, yet these politicians and legislators are the ones to try control it.

Discussions move onto why and how companies get hacked. It’s just the tip of the iceberg we’re hearing about in the media. Unfortunately many more companies are getting hacked regularly. So what should companies do to protect themselves? On this, Chris gives a pitch on knowing your own Digital Footprint, and also implementing Multi-Factor Authentication (MFA) across the user base.

Exception handling is also key. Don’t try implement security a 100% across the company. Start with the components where you feel security measures can have an impact first. Learn from the baby steps you do, and never consider all assets to be protected the same, there’s always exceptions!

An example is employees who cannot use 16 character long passwords and password managers. There are solutions for this, and multiple vendors who can support robust and, hear me now, secure enough solutions. There’s many ways we can move away from password based solutions.

What about the presidential election on the US, where president Donald Trump went out and said “Hear me Russia, hack these emails…”. Can presidential elections be hacked? Chris takes on this discussion and comments that the elections won’t necessarily be hacked by the press of a finger on a keyboard, but instead through what we call Physcological Operations (PSYOPS). Basically trying to convert the masses by running operations against our minds, convincing us through fake news, etc..

In fact, Chris points out, there’s operations going on where operators can select between 100’s of fake identities using tools that tries to preserve the fake identity’s integrity. This can be used to spread false information, e.g. ensuring a controversial post has many likes.

Final advice for the listeners of the podcast: be a bit sceptical. Your own awareness should be heightened as the WWW (Wild Wild West) is a scary place, and you want to protect yourself, your kids, family and employer.