Following a series high-profile cyber attacks, most cyber security professionals predict the future will be bleak. Our CEO, Oz Alashe, meanwhile, has other ideas
“Is this the end of the world as we know it?” asked IT security specialist Susan Morrow in her blog post following the outbreak of WannaCry – and she’s not the first person who’s suggested as much.
Five years ago, Russian cybersecurity expert Eugene Kaspersky mirrored Morrow’s thoughts. “I’m afraid it’s just the beginning of the game” Kaspersky said after discovering the virus now known as Flame. “It will be the end of the world as we know it… I’m scared, believe me.”
Today, it seems scarcely a day goes by without a new article or opinion piece cropping up to remind us of the threat of impending cyber doom. I, however, take a slightly different view, and I do so for the following 8 reasons.
- Cyber security is about more than just “technology” and “security”. Cyber security is also about our environment, our societies and arguably our evolution. The stakes are high. And with the stakes so high and the threat increasing, I believe we can expect people to begin responding accordingly. We human beings have a remarkable habit of finding inspiration through desperation. I believe, as cyber threats and risks increase, cyber security will advance at an even greater rate.
- As time goes on, we are beginning to see greater levels of sharing and collaboration. The UK financial services firm Barclays recently launched a marketing campaign designed to increase cyber security awareness. Similarly, the Institution of Engineering and Technology’s Cyber Security Hub brings together engineers and cyber security specialists to share insights and developments. While neither are likely to be entirely selfless, the fact that such initiatives now exist offers incredible hope for a dramatically more secure future. There are many other examples of such collaboration and information sharing.
- The increased threat is forcing us to resolve some serious issues. For far too long, people have avoided several big issues within cyber security. Privacy has arguably been an afterthought. National security implications have not been understood as well as they might. Cyber security education has been woefully lacking. And the lack of diversity within the information security community has meant we have a long way to go before we can truly claim to be tapping into all talent society has to offer. Today, the landscape finally appears to be shifting with each new cyber security-related frontpage headline. The EU’s new General Data Protection Regulations seek to positively address issues concerning privacy. To enhance national security, the UK recently opened a new National Cyber Security Centre at GCHQ. And as part of a new cyber security strategy, the UK government has pledged to invest in cyber apprenticeships, retraining schemes and advanced cyber security teaching in schools. And these are just in Europe and the UK. All over the globe there are clear signs the world is beginning to stir.
- Increasing threats are fuelling demands for better cyber security provision. In turn, stronger demands are creating opportunities for disruptive start-ups who simply do what is needed better than most. The end result are better technological protections – such as behavioural biometrics and intelligent whitelisting – but also increases in the extra precautions people take (the latter is something CybSafe endeavours to facilitate). Each successful new endeavour makes the world a better, safer place.
- We’ve overcome global challenges before. Alan Turing’s computer is an obvious example. The computer was first developed to counter Enigma machines; the machines that encrypted Nazi messages during World War 2. Turing’s computer decoded classified Nazi communications, giving the Allied forces access to intelligence that dramatically hastened the Nazi’s demise. When pushed, we’re capable of some amazing feats.
- Our governments are stepping up. Despite some clear exceptions, the reality is most governments seek to enhance their country’s welfare. Governments might be cash-strained and often tardy but it cyber security finally seems to be getting the attention it deserves. In 2016, the Australian government pledged to invest $AU 230 million in cyber security improvements. More recently, the UK government set aside £1.9 billion to enact a new cyber security strategy. Although governments won’t be able to to revolutionise security on their own, when combined with support from citizens and businesses, their investments have the potential to permanently enhance security worldwide.
- People are both the key and an underutilised resource. We know it. We say it. We now have the opportunity to live it. Too many businesses still see cyber security training as a tickbox exercise to keep regulators happy, and therefore offer tick-box training that does little to change people’s behaviour in practice. The result is today’s status quo – insufficient cyber security awareness, unnecessarily risky behaviour and frequent and increasingly severe cyber attacks. It’s a status quo we no longer need to accept. Training that changes behaviour and delivers a measurable ROI now exists. After decades of being labelled a weakness, people stand poised to become our ultimate resource. Forward-thinking businesses are already cottoning on. Those that still see behavioural change as a “nice-to-have” are likely to have a tough road ahead.
- The status quo is overrated anyway. It’s hard to argue that, today, cyber security for most businesses is where it needs to be. But things change. Societies evolve. Technology progresses and people adapt. Humans have an innate tendency to fear change – a tendency possibly linked to our aversion to loss. But in the case of cyber security, change must be embraced. The current status quo is now unsustainable. I believe, in time, good people will hit back.
And for those reasons, I’m more positive than most when it comes to the topic of cyber security.
Oz Alashe is CEO & Founder at CybSafe.