A Call to Arms: Cyber Ain’t Special.
It’s time we climbed down from our ivory towers and faced the facts: I can’t fix the cyber threat, neither can you. I don’t care how many certifications you have, how much experience you have, how many exploits you’ve found or fixed or how many sensitive systems you’ve pwned. It’s a community problem and we need to level the playing field. We ain’t special.
I am increasingly disappointed at the number of experts in cyber who take every breach as an opportunity to point and laugh, to ridicule, to ‘@’ their mates and chortle at how stupid everyone else is. I can’t think of any profession that adds to the awareness divide like ours.
Anyone who knows me knows that I’ve banged on for years (so why stop now) about the need for us to demystify cyber. We need national education campaigns which appeal to the community, can be understood and identify "what’s in it" for every citizen – akin to the ‘Slip, Slop, Slap*’ or our road safety campaigns. This can only work if we make cyber accessible: imagine if we didn’t understand that we could protect ourselves against skin cancer and left it to the scientists to cure it (and worse, laughed at the victims for not taking more care). Or if we didn’t teach kids to look before they cross the road and decided it's best left to engineers to make cars that don’t kill - it’s crazy, right?
Don’t get me wrong, we need specialist skills and curious minds with talents that far outweigh those required by our wider community – but we need to harness those skills and valuable experience to educate and support. Unfortunately, I am almost certain that if we came up with the ‘Slip, Slop, Slap’ for cyber, the very next day, the press would be full of experts ‘explaining’ why password strength is a joke…or the ‘hole’ in the campaign.
So, a call to arms:
Challenge ourselves about how we respond (publicly and privately) when we hear of another ‘preventable’ breach. Call out your peers when they cross the line. Use someone else’s misfortune to the benefit of others. It starts with us, it starts now.
I’ll get off my soap box and dismantle my tower….who’s with me?
*For non antipodeans: Slip, Slop, Slap = Slip on a Shirt, Slop on Sunscreen and Slap on a hat.
Next Level Leadership: Engage and Retain Gen Z | Leadership & Retention Specialist. Let's talk.
5 years ago
Love this article and this perspective. I couldn't agree more. Thanks for sharing.
Trailblazing Human and Entity Identity & Learning Visionary - Created a new legal identity architecture for humans/ AI systems/bots and leveraged this to create a new learning architecture
6 years ago
Hi Andrew. Interesting post. My thoughts:
1. Just the other day Troels Oerting, Head of Cybersecurity at World Economic Forum posted a similar piece (Back to Basics - https://www.dhirubhai.net/pulse/back-basics-troels-oerting/)
2. He suggested basic DNA security hygiene for the public at large, all of which is good common sense.
3. In my reply to his post, I stated that next steps beyond this required rethinking identity and data.
4. Our existing world works off of old school identity laws derived from the 1800's which now no longer work, resulting in identity theft, etc. Given the world we are madly rushing into, i.e. the convergence of genetic engineering, AI, robotics, AR, VR et al requires a complete rethink of identity.
5. Then there's data. With the emerging AI/AR/VR/Physical worlds we are in the process of creating, the amount of data being generated, each second, by people, will be stunning. This data will reveal things like eye blinks per second, skin temperature, gait, what you are looking at, etc. We need to have global GDPR type laws that are updated for all of this, protecting us.
6. In my post back to Troels, I ended talking about the fact that our existing nation state laws create huge gaps cybercriminals can easily slide through. I then talked about the heavy lifting required to standardize laws around the planet as we enter this new era driven by technology.
7. We need a new legal framework built around identity and data. Until then, we will be knee jerking to cyber security events with vendors proposing solutions that are only fragmentary and don't address the real underlying problems.
Thoughts?
Cyber enthusiast by way of it is the #1 threat to our way of life. Would be easier if had taken the blue pill.
6 years ago
Sttarx.com
Agree. A greater willingness for security professionals to be more engaged across the IT delivery teams in all organisations will be a bonus for all. Greater support to our peers offers new improvements to processes to better integrate security in the day to day support actions of many IT professionals. And it isn't just with digital, many of IT landscapes in ANZ orgs have a broad sector of technologies with various levels of security exposures. How these technology platforms all link and integrate needs insights from Security professionals on how to sustain a constant level of security controls and protection will matter most. Maybe this is Security special knowledge that we can share to help demystify the path forward. A better understanding of the need for new security controls, enhancing of others and retiring some will be a good outcome. Without these insights the rest of the IT professionals could relegate security needs through a degree of ignorance.
Independent Agile Coach
6 years ago
Manage it, Banish it, Never Panic It.
- Always manage your passwords so you don't have to remember them.
- Always banish suspicious emails to the bin.
- Never panic if you get a spam threat, simply report it and change your password if needed.
Just a thought from a former startup marketing guy. Needs refinement but user testing should improve it.