Safer business

How your air conditioning could start a cyberattack

Cybersecurity expert Eliza-May Austin finds many businesses are oblivious to cyber-risks in their supply chain. She tells us how she’s changing mindsets.

Share article

Cybersecurity expert Eliza-May Austin speaking while seated in a lecture theatre

Many big businesses know they could be cybercrime targets and invest in defenses like software and training. That’s why cybercriminals are increasingly attacking through smaller suppliers who don’t have the same knowledge and resources. It’s called a supply chain attack.

In Tomorrow Unlocked’s second episode in the hacker:HUNTER Behind the Screens series, Eliza-May Austin, CEO and co-founder of th4ts3cur1ty.company (That Security Company,) explains how US retail giant Target was attacked through a most unexpected device – the air conditioning.

We ask Austin how businesses can prepare for supply chain attacks and how she thinks things are going for women in cybersecurity careers.

In Tomorrow Unlocked’s Hacker: HUNTER Behind the Screens video, you talk about the supply chain attack on Target in 2013. Why is this attack so important?

Businesses must work with other businesses, which makes us all susceptible to a certain degree of risk. Take an airplane, for example. To go from concept to in the air involves hundreds of businesses, contractors and applications. It takes just one breach to compromise that trusted ecosystem. It’s something we should all take seriously.

Your business th4ts3cur1ty.company (That Security Company) helps companies large and small harden their supply chains. How do you do that?

There are many things businesses can do to defend against supply chain attacks. For example, we run penetration testing, consult on governance, risk and compliance and importantly, logging, monitoring and vulnerability management.

Are businesses becoming more aware of supply chain attacks and responding appropriately?

I can’t confidently say yes, which is why I’m vocal on the issue.

I come across companies with little need for concern who spend too much defending against every possible scenario. On the flip side, some don’t think considering these risks should be on their to-do list at all.

I recently asked a small-to-medium company (SMB) that supplies services to the medical sector if they’d considered how an attack would impact their clients’ security. I was met with such bemusement you’d think I’d asked for a sandwich.

What’s the most common problem making businesses vulnerable to supply chain attacks?

Not knowing how prevalent it is. But also, some businesses that do understand the issue’s scale get overwhelmed by it. These attacks aren’t always sophisticated – simple measures can go a long way.

How did you get into cybersecurity?

I moved from a degree in forensic science to a degree in digital forensics, did some internships and the rest is history. You don’t need a degree to be in cybersecurity.

Is the industry giving women equal opportunities to enter and succeed yet?

I think this industry, like any, is what you make of it. Cybersecurity is a fantastic career choice for women and should be promoted as such.

What could employers do today to attract and retain more women?

I get asked this a lot, so I wrote 15 ways to attract more women to your technical cybersecurity team.

I’ve included simple, practical things like considering the physical environment. For example, if employees have to crawl around on the floor to plug in a laptop, that may feel degrading when wearing a skirt.

I also recommend being more open-minded about what kind of people you need:

You don’t need to hire people who are ‘proactive in the industry.’ Some people are introverts and that’s OK. Consider introverts in your interview process. A strong team is a mix of types of people who will respond to interviews differently.

What is Ladies Hacking Society (LHS) and why did you found it?

LHS is an awesome community of women who come together to learn from one another and teach each other hacking. I wanted to create a technical option for women because I found mixed events were not really mixed (mainly men) whereas women’s events revolved around governance or high-level theory. It’s a lot of fun and a great bunch of people.

Which is the most important lesson from your 11 leadership lessons from terrible managers, and why?

Lesson 3: A sense of humor matters. People tend to take themselves too seriously. Encouraging people to laugh and joke does wonders for team morale and gets people through stressful times. Let’s all calm down and have a giggle.

 

Kaspersky Enterprise Security

We’re here to help in any way that works for you.

About authors

Suraya Casey is a freelance writer, editor and content strategist based in New Zealand. Her interests include cybersecurity, technology, climate, transport, healthcare and accessibility.