James Hatch
Director, Cyber Services, BAE Systems
Cyber Security: Let’s Stop the Blame Game and Tackle the Challenge Together
To combat cyber crime fatigue, we need to take the first steps in making good cyber practice easier and more rewarding rather than solely focusing on the aftermath of an attack and assigning blame.
For too long, protecting organisations from cyber crime has been a daily marathon. A never-ending but necessary process that every business must endure. But what if we put the fun back into cyber security? What if we make it simpler and more engaging, and therefore easier to implement, with businesses even encouraging good practice with incentives.
To truly engage people, we should be forming security processes that complement our natural human behaviours, instead of trying to transform them completely and turning cyber security into a laborious task.
Quite often, people fall into the blame trap. When an incident occurs, and defences fail, blame is instantly assigned and unsurprisingly this further adds to cyber fatigue. When employees are tired and stuck in a destructive cycle rather than focusing on the real issue, more attacks will follow. We’re all playing for ourselves, but no one is winning.
We need to change the game.
Time for change
Today’s cyber culture is in need of a drastic shift in mindset: from onus on the individual to collaborative responsibility – solving cyber crime should be viewed as a team sport. By collaborating and working together, we encourage constant learning, real improvement and a true development of skills. When we indulge in victim-shaming, we discourage transparency and with this, lose out on the valuable lessons that can be gained from such incidents. We need to move towards a world where organisations work hard to defend all businesses, and in doing so, develop a collective sense of responsibility and a unified response to cybercrime.
Let’s start by taking a leaf out of our adversaries’ books. After all, the criminal community we seek to protect ourselves against is highly connected – information, ideas and techniques are shared quickly and adapted to target a huge number of organisations. Rather than taking a reactive approach and being vulnerable to criminal demands, companies need to ensure they are proactive, prepared and resilient. And what better (and more engaging) way to achieve this than by working with our peers.
Imagine how much easier things would be if we supported each other to understand the impact of potential threats before they happened, collaboratively reviewed measures to continue operating during crises, and openly prepared for scenarios that specifically applied to our organisations.
A safer digital world
This Summer we launched ‘The Intelligence Network’: an initiative committed to understanding, explaining and tackling enduring challenges in cyber security and so helping to create a safer digital society. To kick start this, we have laid out a manifesto which over the next seven years we hope will transform collaboration, simplicity and certainty across all aspects of cyber defence. For this to be achieved, cross-organisation transparency is vital. That’s why everyone and anyone across the global community can join to help solve the challenges we face using openness, collaboration and trust.
We know that cyber attackers work by singularly preying on the weak who have been left behind the herd – so let’s start acting as a pack. In cyber terms, it often takes months for attackers to select their targets. Before they launch a strike, they conduct extensive research, develop software or malware to carry out the attack, and perform vital tests to ensure success.
By acting as one and using information gathered from both internal and external sources across organisations, a previously vulnerable business is able to anticipate and block the attempt.
It’s team work
To extend the team analogy further, The Intelligence Network will also encourage organisations to further consider the range of talent they have within their security teams i.e. improve it, to ensure they’re sending out their ‘best squad’ and discussing the right tactics. For example, there is a common misconception that your entire cyber defence team requires a technical background; this is not the case. The most progressive companies recognise that security teams need a range of people that bring different skills and opinions to the table.
We cannot meet tomorrow’s challenges with yesterday’s thinking. Through collaboration, simplicity and certainty, let’s make businesses and organisations redefine the boundaries for security and ensure more accessibility to a greater number of people to make cyber practice more rewarding.
We’re thrilled to have CBI join The Intelligence Network themselves – you can join here: https://www.baesystems.com/en/cybersecurity/feature/the-intelligence-network