Security Buyer UK Editor, Rebecca Spayne catches up exclusively with Kenny McHugh, National Secured By Design Manager
Could you introduce yourself and what you do?
As the National Lead for Secured by Design (SBD), I have the responsibility of managing the Development Officer team within Police CPI and the day-to-day operation of the SBD initiative. Over and above my managerial responsibilities, I look after the SBD member companies in Scotland, Northern Ireland & Ireland.
I had a career in Policing for over 30 years, seeing service throughout the UK, which started with the Military Police in 1981. During my service I served in various locations throughout Europe, the Middle East, Africa and Cyprus. After military service in 2004, I served in the Police Service in Northern Ireland from 2005-2016 as the lead Designing Out Crime Officer, and then in 2016 I joined Secured by Design.
Secured By Design’s inception is born from the idea of standardising security products across the UK. How important is this for the security industry?
This is very important – people want to get a secure crime prevention product that actually does the job it claims. On behalf of the UK Police Service, SBD operates an accreditation scheme for products or services that have met recognised security standards. These products or services – which must be capable of deterring or preventing crime – are known as being of a ‘Police Preferred Specification’.
The Police Preferred Specification scheme has been operating for over 20 years. The SBD focus is on the critical factors that combine to deliver a product’s performance – design, use, quality control and the ability to deter or prevent crime. Products that have met the Police Preferred Specification therefore provide reassurance to the specifier, purchaser or user.
What kind of government support or advice do SBD receive for the work they do?
SBD has built strategic relationships with UK Policing, Government Departments, Standards Authorities, Industry Trade Associations and Academia. SBD is a key delivery partner to the Home Office regarding the Safer Streets Fund initiative, as well as working closely with the Home Office to provide a range of support for their other initiatives like the Places of Worship (POW): Protective Security Funding Scheme.
A lot of innovation in modern security products is motivated by the evolution of IoT technology. How important is IoT integration in current development?
Security products have evolved to now include smart security cameras, video doorbells, locks, plugs and bulbs to name but a few and there is no doubt that the rise of the Internet of Things (IoT) and smart devices has revolutionised the way we live our lives, at home and at work, with many smart devices allowing you to control them remotely.
All smart security products are meant to give you more control over, and information about, the safety of your home. However with the increase in IoT products available and a growing ecosystem of interconnected devices, cyber criminals are targeting and exploiting vulnerabilities of the products and within apps as most are mass-produced without security being in the forefront. Therefore, it’s essential we include IoT as one of the areas we want to help prevent crime in so that consumers can safely use these products at home or at work.
As a relatively new phenomenon, what are some of the common threats regarding IoT?
While IoT is a new area, some methods of cybercrime used against these devices aren’t new at all. Phishing, social engineering, brute force password attacks and malware attacks remain as effective as ever.
The issue is that most IoT devices either have default passwords that have been left unchanged or a weak password is put in place. Combined with software updates not being installed automatically or regularly, you are leaving a digital ‘door’ open for cybercriminals to attack your IoT devices, as well as allowing them access to the rest of the network and every device that is connected to it. For example, most people forget to change the unique password on their Wi-Fi router – this is an easy access point for cyber criminals to get onto your home network and they can see that an Alexa is connected to it, which is linked to an Amazon account and the ‘voice purchasing’ feature is enabled. Imagine how vulnerable such an attack can leave someone?
As with your computers and smartphones, installing software updates and ensuring you have strong passwords in place will help you keep your IoT products and both your financial and personal information as secure as possible.
In that same vein, what are some of the lesser-known concerns and threats surrounding IoT?
Many apps and smart devices use what is known as ‘shadow IT’. This is where a device piggy-backs or shadows the capabilities of another enabled app. It is therefore important that you check the functionality that you permit. For example, do not accept ‘location tracking’ where it is not necessary for your specific purpose; do not share your contacts to apps that aren’t specifically for your communications. It is also important to remember that if you link your smart devices to Alexa or other virtual assistant, any voice can activate them, even from outside if they shout loud enough.
What do you see in the future of IoT?
We will continue seeing a rapid growth in IoT devices being used and we’ll see more cities across the UK becoming ‘smart’, but as we know, with that comes an increased risk of being targeted by cybercrime…
To read the full exclusive see our latest issue here.