Cyber dude keeps us safe
‘Q’ dryly tells James Bond that he can do more damage on his computer before his first cup of Earl Grey than the spy could ever achieve with brute force and fiction becomes fact in the real world of cyber security.
Threat actors as they are known in the cyber industry nowadays come in many guises from Script Kiddies to Nation States but all share the same goal: to illegally access digital systems to disrupt, extort and destroy data.
The front line in this cyber war is long and constantly probed for weaknesses by those looking for a way in.
Large public sector organisations like the NHS are an obvious target and it is the job of people like cyber security manager Nasser Arif to minimise the risks of a breach and act decisively if one is reported.
Nasser had planned a career in aerospace engineering but a lifelong passion for technology combined with a flair for problem solving allowed him to chart an alternative career in cyber space.
“I’ve always loved outer space so I suppose I’ve got there in a roundabout way.”
One of the biggest challenges facing the trust aside from the tireless assault of threat actors trying to breach the organisations’ computer systems is educating and empowering staff.
In response, Nasser runs a series of fun and practical workshops offering advice to staff on how to stay safe both at home and in the workplace.
Nasser said: “The first and best line of defence is a well-educated, well-informed work force. Getting the simple things right can go a long way, like not using obvious passwords, not opening suspect emails and the timely reporting of suspicious behaviour.
“Cyber security is a subject that intimidates a lot of people but it shouldn’t. I like the fact that people come up to me in the corridor and ask me questions. Someone even called me the cyber dude the other day which made me giggle.”
Nasser isn’t beyond getting duped himself recalling in his training sessions how an Uber driver logged a bogus pickup with him and then got the company to take the fare from his bank account.
“I was standing on street corner in Wembley for the best part of an hour. If that wasn’t bad enough they charged me a triple fare for not picking me up.
"I did get my money back when Uber checked my location and saw I was telling the truth. I also used this opportunity to learn about how I could further secure my own Uber account.”
He often runs his presentations past his family first ensuring they are user friendly and proudly admits that he has made his parents both paranoid and tech savvy at the same time.
“My mum’s becoming quite the expert now. I’m quite impressed with her.”
Nasser says honesty is always the best policy in the workplace when reporting cyber security incidents.
“We can fix things a lot quicker if people are honest and just say they opened something they shouldn’t have. We’re here to help people, not punish them.”
The same goes for departments thinking of introducing new medical devices and systems. It is vital these projects go through Digital Services’ technical assurance process.
Nasser is also passionate about understanding the human side of cyber security.
“There is a lot of psychology in cyber-crime which is used to draw people in and trick them. Our predictability is our weakness and threat actors often capitalise on this.”
Nasser regularly reminds staff not to use any known information about themselves in their passwords or fall for the false sense of urgency found in many scams.
The majority of attacks start with a form of phishing – which is designed to trick people into allowing unauthorised parties to access sensitive data or perform a malicious action.
Threat actors come in all shapes and sizes from people illegally accessing systems for the fun of it to criminal and state-funded groups focused on causing as much disruption and havoc as possible.
Nasser’s role is to lead on investigations, respond to cyber security incidents, monitor systems for suspicious activity, ensure compliance with national standards and manage his team.
“It’s a fascinating profession but it is hard to switch off because you never know where and when the next significant attack will come from. It is super important to look after our wellbeing as well. “It’s an iceberg scenario for most people who are aware of the cyber-attacks that go on but have no idea of the scale the problem.
“I enjoy what I do and have found the problem-solving skills needed in Aeronautical Engineering have proved invaluable in cyber security.
"I love that there is always something new to learn in the cyber world.”
If you would like to be the first to know about Nasser's next workshop on cyber security, consider joining his cyber staff network.