24.08.18

Cybersecurity: There is hope yet

While the methods of cyber attacks are many and ever increasing, they all boil down to only one or a combination of the two: taking advantage of a technological weakness or exploiting human error. Although we lack experts to protect our technology and the awareness (or interest) to minimise human error, it’s worth looking at our predicament through a different lens and find the silver lining to what some call an existential threat.

Spoilt for choice

The technology revolution’s focus has largely been on convenience underpinned by speed, performance and power. Unfortunately, security was not at the forefront even though engineers were largely aware of inherent design flaws. Cybersecurity is now in the spotlight, but as an afterthought to a problem that got a bit out of hand. We thus find ourselves in a severe skill shortage ranging from 50 percent to 80 percent depending on which survey you read.

The future looks even bleaker, but governments and large organisations are engaged in grassroots campaigns to inspire the future generation to take the helm in much larger numbers. Until then, demand-supply dictates that having a team of security engineers on the payroll is not realistic for all organisations.

Incidentally, cybersecurity is one of the trending themes in the startup world. By some accounts there were 300 cybersecurity companies launched last year alone, and among these lie the ones that offer to take on the responsibility end-to-end. It’s the age-old concept of outsourcing repackaged as a managed service. There are arguments to be made against outsourcing any business function and cybersecurity is no exception. But since doing nothing is definitely not an option, this approach, at the very least, allows us to share our limited human capital and make cybersecurity accessible to all.

Tips to choose a security vendor

1. Make the initial effort in engaging with vendors and working as a team thereafter just as you would with an employee
2. Read online guides on how to choose a managed security service provider
3. Use the trial period offered by security vendors (usually 2-4 weeks)
4. Security vendors add a layer of defence, but no one can guarantee against being hacked. In fact, be wary of any that do

A matter of personal safety

While the specialists look after the technology what can we mortals do in the interest of cybersecurity? To begin with, we need to stop thinking of cybersecurity as a business problem.
It doesn’t help that the current focus of cybersecurity is designed to protect your organisation, not you. This approach is doing us a disservice as a collective. If the data we were trying to
protect was limited to trade secrets it would have sufficed, but if GDPR has taught us one thing, it’s that data consists of personally identifiable information. We’re either an organisation’s
employee or customer and with that it’s our credit cards, our bank details, our email addresses and everything else that gets sold on the dark web in the event of a breach.

If that were not enough, there’s a computer in our hands almost every minute of our daily lives without the added layers of defence. Cybercrimes against individuals are three times more likely than domestic burglaries, yet we double lock our doors and windows but struggle to follow basic principles of password security. The difference between the physical and digital world is that we
were taught very early on not to run with scissors or accept sweets from a stranger. Just as cybersecurity’s evolution impacted the talent pool, it also impacted how we were brought up in
the digital world. We now find ourselves in an “old dog, new tricks” situation, and difficult as it may be, we must relearn how to conduct ourselves in the digital world for the sake of our
personal safety. The benefits to business will follow.

Tips to make cybersecurity more interesting

1. Binge on a TV series to understand the mind of a hacker. A word of warning this show addresses other macro issues but it’s got the technical approval of the security
community.
2. Watch a film on Stuxnet, the world’s first cyber weapon, widely believed to be jointly created by elite hackers of two governments.
3. Though this one is designed for children, you can assume the role of CTO of a social media company and save your company from impending cyber doom.

Tips to be more cyber aware

1. Add a few cybersecurity publications to your social media feed. The National Cyber Security Centre , the Cyber Security Hub, and the National Cyber Security Alliance are good places to start. These redirect to LinkedIn but look for them on the ones you use.
2. Print a few of these digestible infographics and pin it around your work desk at home or the office. The glossaries will help navigate the esoteric dialogue surrounding cybersecurity.

This article was written by Nida Naik, Business Development Manager at ThreatSpike Labs


Share

See more