Raef Meeuwisse is a passionate information security expert who has written several books, covering the most pressing cybersecurity topics:
- The Encrypted Book of Passwords;
- The Cybersecurity to English Dictionary;
- Cybersecurity: Home and Small Business;
- Cybersecurity for Beginners;
- Cybersecurity Exposed: The Cyber House Rules.
Raef also holds multiple certifications for information security and has authored the security control framework for a Fortune 20 company. He has created AdaptiveGRC, a single data source/zero replication governance, risk management and compliance suite.
Raef is also a frequent speaker at international conferences, and is now part of our “Ask the experts” interview series!
You should be proud of your professional accomplishments. What triggered your interest in cybersecurity?
Raef Meeuwisse: Cybersecurity is a fascinating, challenging and fast moving topic. It requires continual learning. The requirement for continual research and learning was one of the factors that raised my interest; however, I also enjoy the huge amount of human psychology involved. How people, environments and cultures interact with the rapid changes in technology has the most relevance to how well (or badly) the cybersecurity in each organization runs.
The more organizations where I started to review and fix cybersecurity, the more I realised that I had an opportunity to share unique insights into the topic. These are insights that are only possible when a person gets to see how hundreds of environments approach their security.
I started out interested in the topic – and now I find myself passionate about it. The rise in cybercrime is primarily a result of basic gaps in cybersecurity measures being left open. I am passionate about organizations raising their cybersecurity standards by understanding the issues.
How do you write a cybersecurity book? Where do you start? What are your motivations?
Raef Meeuwisse: The motivation to write the books came from attending and presenting at multiple security conferences. At those security conferences, I found that many people were struggling to find the information they needed and that due to my broad exposure to the subject – I could provide them with the answers they needed.
As a consultant, you can only offer help one person or organization at a time. As an author, I can share that information with a much wider audience.
However, writing non-fiction is mostly a philanthropic pursuit. Most of the authors I know are earning from the consultancy or advertising their title brings rather than from the cover price.
For me, the start point is that you have to thoroughly enjoy writing, have a cybersecurity topic that you feel passionate about and be relatively sure that there is an audience interested in it.
A really key motivator was also that there were hardly any great books on the topic. Many of the available books are also technically focused. I wanted to create timely material that could connect with all kinds of people and provide real insights and clarity for them.
What has stunned you the most during your course of work?
Raef Meeuwisse: The new book ‘Cybersecurity Exposed: The Cyber House Rules’ (released 2nd January 2017) is very much about what stuns me.
Too many organizations are running shockingly insecure systems – and believe that is acceptable. Although there is some truth to the fact that 100% perfect security is unobtainable, there is no excuse for any incident to reach a megabreach level. Megabreaches are always a result of three or more major or critical security features being ineffective or missing entirely.
Based on your research and knowledge, what do you think the future holds for the “digital landscape” we have created?
Raef Meeuwisse: Technology is changing everything. Soon, we will all be travelling in self-driving vehicles we don’t own, watching targeted 3D advertising and spending more time chatting with artificial intelligence (AI) bots than with real people.
Machines are about to get a lot smarter than any of us.
The evolved digital landscape of 2030 compared to today will be like moving to a different planet. Robots, drones, self-driving vehicles, 3D printing at home, lower cost energy and holographic computing from physically tiny devices – all of these will mean that humans will be focussed more on recreation – and mostly those recreational pursuits will also involve technology.
Organized cybercrime seems to be a perfectly oiled machine. Is there something we, the cybersecurity people, could learn from it?
Raef Meeuwisse: One of The Cyber House Rules from my new book is that ‘Criminals share information better and faster than legitimate organizations.’
Those criminals are not doing anything clever. Their scams and exploits are just taking advantage of how vulnerable we allow ourselves to be. Certainly, if nobody ever paid a ransom, there would be a lot less motivation for cybercrime. However, I think the crime rates will only drop when the massive (and fixable) gaps are no longer permitted.
We need to learn to approach the security of technology more methodically and always include security by design from the very beginning of using or setting up anything new.
What are your deepest fears concerning big data?
Raef Meeuwisse: Poorly thought-out legislation is my biggest fear.
We live in a global world where networks will soon not be controllable by individual nation states. If we want ‘big data’ to be a power for good rather than evil – we have to avoid legislation that pushes for too much involuntary personal data being captured.
As an example, in the UK, we have laws coming into effect that require internet service providers to keep everything about the transactions made from the connections they provide for 12 months. That is a fantastic resource for criminals to target.
Governments, criminals and commercial organizations are all working in ways that will soon mean nobody can be anonymous. Data privacy legislation is also increasing – but the reality is that whatever we do will end up known or accessible.
I can walk down a street now with a smart phone and quite legally look inside most people’s houses using a public real estate agency website. If I couple that information with other public data, it is far too easy to know almost whatever you want to about whoever you want to.
Big Data, nation-state malware, quickly evolving ransomware families, IoT botnets… Who (or what) do you think is the main culprit for the cybersecurity nightmare we are living in?
Raef Meeuwisse: Cryptocurrency made it possible for cybercrime to explode in value. However, it is the ongoing apathy and indifference to fixing security that is allowing it to persist. As stated earlier – all those megabreaches are preventable.
Can you share with our readers some practical online security tips for the winter holidays? As we all know, this time of the year is favored by all kinds of viruses, be it the flu or the ransomware…
Raef Meeuwisse: Never re-use passwords on different online accounts of any value. Never be pressured into doing something quickly; if a call or communication is legitimate, the other person will be able to give you time to think the action through. Be careful of seasonal offers that seem too good to be true.
It may be the season for giving – but avoid giving to cyber criminals.
Enough with the serious talk already! What is your favorite infosec joke?
Raef Meeuwisse: It actually came from one of my earliest security audits. The organization I was checking had some personal email guidance that read ‘Personally offensive emails may only be sent at the users discretion.’ When I thought it through – they had the right intentions – what they were trying to say was that you should not send an email if you think the recipient would find it offensive. I didn’t give them any finding or observation for that. Whoever wrote that control was a comedy genius.