Friday, 27 January 2017

Cyber defence needs a rethink

The insider threat is generally top of mind for cyber defenders, but it's not often discussed in the correct way. Insiders can be malicious and devious, but they also include people with weak passwords or those who download insecure apps.

In my mind, the real focus for businesses should be to encourage trust and social connection at work. That way employees will more likely feel partially responsible for and protective of a workplace and won’t be so prone to making obvious mistakes or lashing out when they leave.

At a higher level, business as a concept must be encouraged. All this talk of the “1%” and “globalism,” as if these are bad things, is exacerbating the tendency for otherwise normal people to do malicious things. They either think it’s OK to attack business or that it’s somehow acceptable if businesses get attacked. This won’t help cyber defence.

Since hackers/attackers aren't going to beat their swords into ploughshares anytime soon, the cyber effort is better spent on building up grassroots defenders by building a more supportive society. Of course it's not the corporate world’s responsibility, but if they don’t do it, who will?

No one listens to the government anymore and intellectuals all seem bent on destroying this culture from the inside. Parents don't seem to know how to make society-conscious children anymore, probably because they too were never told how to live well. And all our role models seem to follow the intellectual's narrative about the corruption and brokenness of the business world.

As we atomise and cloister deep within ourselves with social networks and smartphones, the cyber threat landscape will get worse if employees and citizens aren’t encouraged to help out.

