Researcher Dr Ian Kennedy highlights security threats (Image: Dr Ian Kennedy/LinkedIn)
Dr Ian Kennedy is a Senior lecturer in cyber security at the Open University whose research focuses on trust in digital evidence. He has over a decade of experience working as a practitioner in both the police and commercial sector. In these roles he conducted criminal and civil investigations in both the UK and overseas. He also has experience of giving evidence in a variety of courts.
Alongside his research, he has a variety of roles, which includes leading the cyber security teaching team within the Computing and Communications School at the Open University. Alongside this, Ian is also the Qualification Lead for the Digital and technology Solutions Professional (DTSP) Apprenticeship at the university. Alongside his roles as Lead Assessor on Quality Investigations Committee for Office for Students (OfS) and Education Assessor for the Chartered Society of Forensic Sciences (CSFS), Ian also has extensive experience of validating higher education programmes and regularly leads these for both the Open University and external organisations.
We began by diving right into the conversation about the evolving landscape of cybersecurity threats, particularly in the casino industry.
To start off, could you share a bit about your background in cybersecurity and how you got into this unique field of research?
Certainly! I've been in academia since around 2015, after transitioning from a background in industry, where I worked in law enforcement and commercial forensics. This experience has shaped my interests in trust and evidence, particularly regarding digital evidence and its implications in the courtroom.
With your expertise in digital forensics, what do you believe are the most significant risks facing the casino industry in the coming years? Are AI and cybercriminals the main concerns?
Absolutely, the rise of AI is a double-edged sword. While it can be beneficial, there's a growing trend of using it for malicious purposes. For example, certain types of malware are being developed with AI capabilities to generate damaging content. The casino industry is particularly vulnerable due to its reliance on technology for online transactions, making it a prime target for sophisticated attacks.
That's fascinating but also concerning. In your experience, how are courts dealing with these complexities of cybercrime, especially when it involves multi-jurisdictional criminals?
This is an ongoing challenge. Courts often struggle to understand basic technology, let alone advanced cyber threats. In cases involving international crime, collaboration between law enforcement agencies from different countries can be difficult. Legal frameworks and treaties do exist, but enforcement varies tremendously across jurisdictions, making it challenging to prosecute cybercriminals effectively.
With that in mind, what measures can casinos take to mitigate risks associated with their supply chains, particularly concerning third-party services?
Due diligence is key. Casinos should thoroughly vet their suppliers, verifying their legitimacy and history. It's important to have clear contractual terms regarding data breaches and potential liabilities. They should also push for transparency to understand where their suppliers source their data and services.
Tracking back to the broader scope of cybersecurity, do you think universities in the UK are adequately preparing graduates for these challenges?
There’s definitely room for improvement. While there are courses on secure coding practices, they’re often just a small part of the curriculum. There's a need for more comprehensive education focusing on security, especially for web developers who play a crucial role in ensuring safe online environments.
Given the increasing sophistication of cyber threats, what do you think is needed to foster a strong cybersecurity culture within organisations?
Organisations have improved in terms of cybersecurity awareness, but there's still work to be done. Cyber hygiene should be treated as a basic skill. Users need to be educated on recognising phishing attempts, the importance of robust passwords, and the protocols for reporting suspicious activities.
Suppose an organisation becomes a victim of a cyber-attack. What immediate steps should they follow?
The response will depend on the organisation—some have dedicated cyber response teams, while others may only have one IT staff member. The key is to isolate affected systems and assess the situation without pulling the plug, as this could lead to significant losses. Organisations should investigate and analyse any potential data breaches promptly.
Lastly, as we look towards the future, do you envision the development of a robust industry focusing on cybersecurity defence?
Yes, it's already growing. More sectors, including healthcare and finance, are recognising the need for cybersecurity professionals. This reflects a broader awareness that investing in cybersecurity is not just necessary; it's essential in today's digital landscape.
Dr Kennedy’s expertise is invaluable to understanding these complex issues as we face a continuously evolving cyber threat environment. Recent Publications:
Most of my career was spent in teaching including at one of the UK’s top private schools. I left London in 2000 and set up home in Wales raising four beautiful children. I enrolled at University where I studied Photography and film and gained a Degree and subsequently a Masters Degree. In 2014 I helped launch a new local newspaper and managed to get front and back page as well as 6 filler pages on a weekly basis. I saw that journalism was changing and was a pioneer of hyperlocal news in Wales. In 2017 I started one of the first 24/7 free independent news sites for Wales. Having taken that to a successful business model I was keen for a new challenge. Joining the company is exciting for me especially as it is a new role in Europe. I am keen to establish myself and help others to do the same.
Read Full Bio