Soldiers @ Digital Warfare - Information Security for Business Analysts

Hi All,

Hope the holidays had been wonderful for you. And more to do with the sun smiling heavily this time on Sri Lanka, making Aurudu Kaum's oil drip on your fingers before you even eat. ??

Today in the Newsletter series I'm going to talk about Information Security and how it's more important than ever in today's context. Then we will have a look into how the BAs come into the picture.

Then, let's dive in, shall we???

Modern warfare seen in the War in Ukraine

The war in Ukraine has made us all realize more about how today's world works. How the war in one corner of the world can affect the hunger of a person in the other corner. This war had been felt from oil and gas prices to the high inflation impacting all the continents at a global scale. What made us understand here is that this is what globalization and one global ecosystem had brought. The current stage of human civilization. The butterfly effect can be felt from something happening in one corner to its ripple effect in another.

The other important and most striking difference of this war was how cyber attacks were dispatched both by Russia on Ukraine and by Ukraine and the rest of the world on Russia. These attacks are well organized and coordinated with physical warfare. This is the level of modern war strategies.

This war had shown how cyberspace will become a central battleground in future wars. Since the invasion, Russian backend hackers conducted a series of hacking attacks on key government institutes in Ukraine and attacks were attempted at computers controlling high-voltage substances in the energy grid. Such attacks can completely disrupt the country's energy supply. But the Ukranian backed by Western powers had been able to strengthen the country's cyber defense and hence tracked most of such attacks.

Also, Russia had been very mature in how they conduct information operations. The Russians had been using social media to attack the mindset of the Ukrainians. Even this had been used to demotivate Ukranian soldiers.

Before the war broke out there had been a sharp increase in cyber activity. This had been seen as very intriguing in the period of late February just before Russians cross the border according to a Microsoft report. In future wars, we can expect such cyber attacks and online systems to get attacked before any ground movement or declaration, making our field (IT) at the pinnacle of vulnerability.

Something that really matters.

Here comes something that really matters. Usually, most software systems that are developed in the BFSI domain handle monetary transactions. A very well-organized cyber attack (Let's say at a time of future war) can tap into a country's/organization's wealth by targeting such institute's systems. Also if such attackers know where they are going they can get into the vast amount of personal data of people as well. This can be customers or online users. All this if security is not up to the standards.

If attackers can get behavior data and can track key individuals, they can even launch simultaneous long-range ground assaults. So if you are running a social media app in your country, or work in a bank or insurance company the users of your services include each and every person in society. INCLUDING these key individuals. So now you can see the scale, the security of their lives is in your hand. And that's why we should shout about the importance of data privacy and information security in every country and every practice. And even the data of rest need to be kept safe at all terms further to the human consent to protect them as well. And who knows how creative your attacker can be?

Also, the security of these systems should be updated and upgraded quickly as technology moves. Because modern attackers are becoming more and more sophisticated with their craft such as using wiper ransomware, malware, and distributed denial-of-service attacks. So the software teams in the industry should up their game and craft. So is the BA.

Business Analyst a soldier at war?

Who is a Soldier?

I will put it like this,

"A hero who protects a nation's interests and its people."

If the company you are working practicing Business Analysis at its best, the key always is the end customer. Your solution should ease the life of the person you are developing for. It should remove their burdens and frustrations. We create Personas in our day-to-day work for these. I think it is time for BAs to move into caring more about these people. Touching how they will be safe using your software. Developing such a mindset which is important for the age we live in.

If you can think as such just imagine the distance that this practice, Software Development can go. As we talk about Inclusive design, from this also we become more human in our thinking. Synching more with humans and people, their safety and security. Hands down software development will be far better if everyone can hop into this mindset and so will the world. Then you will become similar to a soldier who's protecting the people and dedicating time to their security.

Then as Business Analyst is at the core of solution design, it is very important to him to understand and have knowledge about cyber security. Remember it's a mindset. Like BAs and the project teams develop Design Thinking as a mindset. You should develop a soldier mindset as well. Think about how the user's data will be protected always. Update with trends in cyber security. And add those to your solution design by talking with the engineers. This activity is very crucial for startups that run without designated Security architects. Do this with care.

Another important thing you need to understand is that the BA is the thinking person in software design, always at the forefront of activity. As such following is a quote from John Steinbeck that I would like to twist a little.

I will put it like this BA is the thinking person in software design and at the forefront of the development lifecycle and activity. You cannot fail. Security should be considered at the very beginning by you. Same as we write User Stories which are testable and quality is thought about at the very beginning, this should too.

Never make it your failure at any cost. Remember the reason I took the war in Ukraine as an example. The future is moving into more sophistication and we do not know what will come our way in the future. As soldiers save their people on the battleground in a future war, you save people and protect them now with what you do. So this is a responsibility that a BA should take with his/her full project team.

My own experience

At Allianz Insurance Lanka Limited , the BAs must adhere to and should be up to date with cyber security in their software designs. This is very much standardized with Information Security Officer (ISO) in the company and Security Architect.

All the BAs should draw the security architecture of their software before development and this is pitched to Allianz regional architecture board with other architecture diagrams. And data privacy checklists are a must to adhere to in all developments.

Another aspect is PEN Test. Conducting penetration testing in all external-facing applications is another area BA should look after with constant communication with every party. And fixing the products to the standards with the team to pass the PEN Test. The company cares a lot about customer data and how safe it is from external attackers and includes a lot of security processes and activities that technical teams take care of.

I'm pretty sure that most of the other companies are the same doing their best in this area. So are you up to it? Do you have the skills and knowledge?

Push the limits!

Wanna push the limits, soldier?

Ok, the following are the 10 best recommended cyber security courses in Coursera for 2023. Try out one and extend your skills. Become an allrounder and a wizard in all the crafts.

Always remember as you do the fun things at work your work has its many responsibilities as well. So in a way becoming a soldier is an interesting way to keep you geared up with your project work.

Way to go Hero ??

Then I will be signing out for today hoping to write more through this series in the future.

Goodbye till then!!! ??