Your cyber resilience journey: it’s as much about your people and their behaviours as it is about technology
Jim Baines, the main character in the AXELOS ‘novel’, Whaling for Beginners, is based on any real-world business founder, CEO or executive.
As the CEO, Jim values his business, a highly successful and respected packaging firm. He is driven, innovative and values transparency, as do most business owners, entrepreneurs and executives. But in one sense, Jim is complacent. He casually clicks on a malevolent email attachment and, as a consequence, his business, and those of his customers and associates, are threatened.
To Jim’s credit, he is brave enough to write an open letter to his peers about his experiences. It’s an emotional plea, a call to action to other small business leaders to better understand, plan for, and respond to the cyber-risks that endanger their organisation’s hard-won reputation, competitive advantage and operational capabilities. It’s a plea to be resilient as they grow and mature their businesses.
Take a moment to imagine what it feels like to fall victim to a cyber-attack, to suddenly find your hard-won reputation and livelihood in peril. To realise just how incredibly easy it is to attack and compromise your business.
It’s so easy because, as so often reported, upwards of 90% of all successful cyber-attacks rely on our own human error to succeed – our own unwitting mistakes, regardless of our role or responsibility, whether we sit in the boardroom or on the frontline. Everyone therefore has a critical role to play in protecting their organisation’s most valued and precious information. The cyber attackers typically have the upper hand. They only need to be successful once in their relentless targeting of our human vulnerabilities, whereas we must maintain constant vigilance.
I would suggest that we’re at a crossroads in our collective corporate response to the cyber-risks we all face: one where many will continue to invest in more expensive technology and expect that more layers of technical defence will suffice. The others – the market leaders, pioneers and innovators, but increasingly the ‘just plain sensible’ – will change direction and adopt an enterprise-wide approach to resilience, led from the top, which uses more creative and proven training techniques to engage and educate all employees. We all need to know the simple, practical guidance required to make the right decisions at the right time. But we also need this guidance to be communicated to us in innovative and compelling ways that truly engage us. The language used is critical to getting this engagement, and that critically means not using the impenetrable security jargon and acronyms that most of us just don’t understand.
There are simple, practical, low-cost steps that any organisation can take to ensure all their people can become more resilient and vigilant in the face of escalating cyber-attacks. You don’t need to be a technical wizard. You don’t need to make massive financial investments. But you need to appreciate that you will be attacked, and you need to understand where your greatest vulnerabilities lie, namely in our own human frailties and capacity for error.
The hackers share stories about us. They say we’re too slow, flawed and myopic to see through their schemes, and too staid to keep up with their tricks. But we’re not. We can resist and fight back. But only if we understand what’s ultimately at stake – human livelihoods and reputations – and provided we change our own behaviours to better protect ourselves.
We need more stories like Jim’s to demonstrate the dangers of waiting until it’s too late. We need more real world cyber stories from the frontline, talking about resilience in the wider context of the priorities that face every organisation, whatever their size or sector.
This article was first published by techUK.