When Technology fails...
Dr. Reem Faraj AlShammari
CyberSecurity Woman of Arab World2024 &CyberSecurity Woman Barrier Breaker 2023. Ranked#1@CyberSecurity-IFSEC Global Influencers2019. ???? ????? ????????? ????? ???????????????? ??????? ??????????? ????? ?????????????
~~~~ A glance from CISO+Mom's diaries....Episode#2 ~~~~
According to a 2009 study done by some psychology researchers, it takes 66 days to create a #habit. And habits are defined by those researchers as actions you do a lot. So, when for a great amount of time (much much more than those 66 days ), you do the following actions towards a specific knowledge area: you get into discussions and even arguments almost daily, do lots of books/papers/articles' reading on it, attend dozens of forums/workshops/events to stay up-to-date throughout the year about it, your job description is literally dictating it, and of course "this comes without saying" be surrounded day and night "virtually/physically" by people expert in it; Your behavior in return (my respective Sir/Madame) will become definitely highly influenced by it and will eventually becomes a habit within you. So, for us in #Cyber Security, doing all of the above for a quite long time, did not only lead to create a "habit" within our Life-Style that is related to Cyber Security, we actually began to breath #Oxygenized Cyber Security's Molecules , we act and react in Cyber Security ways, we talk with Cyber Security Accent, and even our jokes are flavored with Cyber Security spices!
With the above being said and you have it kept in the back of your mind, I will now start my story. I have recently attended an Enterprise Risk Management "SPEAK ERM" Event where I was among a great group of speakers who are recognized as elites in their areas. In the beginning of that event, the technology "that was related to large Digital State-of-Art Display Screens presenting Speakers' PowerPoint's slides" for some reason had Failed unexpectedly. Coming from an IT background, I went behind the event's stage with my friends from ERM team and their event's management's technical team trying to sort this failure out, soon there was some suspicious looks towards me! "if this Techie failure might be related to a Cyber attack and we "Cyber Security team" might actually had something to do with it! Seriously? lol * /me Slamming my forehead!* Yup, it's OK,,, got used to that "typical" and "blaming type" IT behavior when systems get messy, always blame it on Cyber Security (updates/patches/controls)! Ahhh.". Thankfully, it was soon clear that the cause of that techie failure was due to some Electrical Power issues. Hang on a Sec! I know what you "Mr. IT" are thinking now! ICS Cyber attack? Don't even think about going there cause it SIMPLY WASN'T, OK! "Deep breath." (^_^)
Anyways, as the techie troubleshooting attempts was not giving any great hopes, the event organizers started discussing the option to announce the cancellation of the event that was already attended by a great audience headed by the Sector's Senior management and executives. So......"Wait this requires a NEW LINE."
So, my Cyber Security Autopilot kicked-in "unconsciously", and I found my self proposing "out of no where" to my ERM friends to actually continue on running the event "with out the need to these Techie State-of-Art Digi Screens" as I assured to them that I can go ahead and present manually with out the need for technology to run or to refer to my PowerPoint presentation slides. Pure manual recovery; just like what happened recently in Hydro Magnor -https://www.youtube.com/watch?v=S-ZlVuM0we0; Wait!!! I Meant just like them when they went manual NOT when they got hit by a cyber attack! Hello Mr. IT, pls. note that I'm keeping my eye on your brain's fishy analytics...believe me, there was NO Cyber Attack at that event, so stop distracting me and let me finish the article! :)
My ERM friends welcomed the #brave idea and I went on stage to present my topic "Talking Cyber Security with a Risk Accent!", I Started my presentation by saying: "As a Cyber Security person " in this case, a CISO", I am set to respond to any operations' disruption once detected, and recover these operations as quickly as possible, so me standing now on this stage presenting to you; without the need of these display Screens' Technologies; is a live example of how we react as dictated by our CyberSecurity life-style"...and then I carried on my presentation where I have referred to the Hydro Cyber attack incident in it as I had read the article published on its' Cyber attack details on the night before the event.
Surprisingly, the event was a great success despite these techie challenges as other elite risk speakers had followed the same approach and presented manually (when technology failed them).
After the event, my mind did some #post incident analysis, and I've sensed how the CyberSecurity culture had really influenced the way I act and react. For example, this Technology failure which had suddenly occurred, and how instantly I had activated my #incident response procedure (in the background of my mind) after detecting this services/operations disruption, bring Business Continuity Plans into Action, and recover the disrupted services/operations ASAP.
The moral of the story ladies and gentlemen, as we keep on breathing those #Oxygenized Cyber Security's Molecules, we will unconsciously react the same once an incident is detected, respond properly to it, and recover as quickly as possibly.
When technology fails us, We can shine Still...! (ERM Event, March 2019)
Global Cybersecurity Solutions & Services @Schneider Electric | Specialized in Safeguarding Operational Technology (OT) | Building a Secure Digital Future for Businesses | Passionate about Digital Safety ???
5 年Excellent article...... agree with you.