In cybersecurity, ‘reinventing the wheel is slowing us down’

25 Aug 2021

Security expert Lisa Forte shares her thoughts on the current cybersecurity landscape and the growing threat of social engineering as a cyberweapon.

Cybersecurity has been considered an important topic in technology for many years now. However, it has become even more talked about in the last year due to the increasingly high-profile cyberattacks that have hit major businesses and government bodies.

From the HSE ransomware attack in Ireland to the attack on US software supplier Kaseya, which affected businesses all over the world, cyberattacks have become more rampant than ever.

These headline-grabbing attacks are the result of a culmination of challenges within cybersecurity, including the growing sophistication of cybercriminals and the technology they use, and the critical skill shortage within the infosec industry.

In fact, a recent report from Cyber Ireland found that 41pc of companies’ security teams are at least somewhat understaffed and almost half (48pc) of companies have open or unfilled cybersecurity roles.

These challenges were made worse by the Covid-19 pandemic, which saw many cybercriminals taking advantage of the situation with predatory emails and spam messages, while many infosec professionals were heading for burnout.

But while new attacks may be technologically sophisticated, the backbone of security goes back to long before the prefix of ‘cyber’ was ever attached, with many experts in the field starting out in a more physical security setting.

One such professional is Lisa Forte, an infosec speaker and expert in social engineering, who started her career in security trying to stop pirates from attacking ships off the coast of Somalia.

“It taught me a great deal about risk and how to manage threat actors that are very resourceful,” she said. “I then moved into UK police counter-terrorism intelligence and then from there into one of the UK police cybercrime units.”

As her career has progressed, Forte has become a leading voice on cybersecurity issues and will be speaking at the (ISC)2 Security Congress in October 2021. She is also the founder of Red Goat Cyber Security, a Bristol-based training and testing company that specialises in social engineering, insider threats and cyber crisis exercises.

Biggest challenges

Forte said that, throughout her years in the industry, she hasn’t seen the threats that cause the most trouble change that much.

“We are still struggling to handle or prevent ransomware attacks globally, for instance. We have seen a lot of great innovation in the industry but there are some significant gaps in the security foundations that allow attacks such as ransomware to still wreak havoc in companies around the world,” she said.

“I think some of the greatest challenges include stopping silo thinking, increasing diversity and also turning our minds to preparing for attack as well as lining up defences.”

One of the areas Forte specialises in is social engineering attacks. This term is used for a wide range of attacks based on psychological manipulation, such as a message about a missed package delivery that actually contains a malicious link. These attacks are the reason why countless security experts name human error as the biggest pitfall when it comes to cyberattacks.

Forte said social engineering is very effective, especially when targeted at specific individuals. “We are very susceptible as human beings to manipulation and our biases and neural shortcuts are easy to exploit under the right conditions.”

She added that “more intelligence sharing is key” when it comes to tackling the growing cybercrime problem.

“Attackers are usually great at this, whereas often we regard it as akin to sharing commercial secrets,” she said.

“We need to be able to have open and honest discussions about what is working and what mistakes have been made. Reinventing the wheel time and time again is slowing us down.”

Cybersecurity for good

Outside of her consulting business, Forte is also a passionate advocate for the ‘tech for good’ philosophy.

In 2020, she co-founded Cyber Volunteers 19, a group that provides pro-bono help and advice to healthcare and education services around Europe and has amassed almost 3,000 volunteers. She is also a co-founder of Respect in Security, an initiative set up to take a stand against all forms of harassment in the infosec industry.

“We have many companies from multinationals to small businesses who have taken the pledge and we are looking to transform the way the industry addresses abuse and harassment of anyone of any race, gender, age or any other factor.”

Jenny Darmody is the deputy editor of Silicon Republic