Nicholas Kwok/Unsplash
When I was a boy of just five or six, each evening at dusk I would run out of our yard, into the streets of our small village, and wait. I was waiting to see the lantern of the night watchman as he moved through the village. His job was to ensure that each villager woke in the morning with the same number of animals they’d had the night before. His job was to create a sense of security and trust.
In a sense, that was a microcosm of what we’re looking for when we contemplate cybersecurity in our hyper-connected world: creating security and trust for organizations on the one hand, and for our employees and customers on the other.
If you’re not taking cybersecurity seriously, you should be asking yourself why. Global cybercrime costs will reach $10.5 trillion annually by 2025.
If you’re not taking cybersecurity seriously, you should be asking yourself why. Cybersecurity dangers are the biggest concern for companies globally in 2022, according to the Allianz Risk Barometer, and Cybersecurity Ventures predicts that global cybercrime costs will reach $10.5 trillion annually by 2025. Creating trust, security and accountability in the electronic world is our most pressing challenge.
So how do we do this effectively? The answer, I believe, is twofold: we need to look backwards, using the past as a benchmark; and we need to plan with real foresight, understanding the true scale and nature of the problem.
Looking to the past to guide our thinking
If we think about information exchange historically, hundreds of years ago people communicated via a paper roll with a wax seal, so that the recipient could be certain their message had not been tampered with. More recently, we placed letters in envelopes that we glued closed for the same reason. There were rules in the legislative framework of society governing how you treated those communications, rules you had to obey, that safeguarded privacy and created trust.
We also built castles around ourselves – or walls around cities – because we understood that we could not protect ourselves adequately alone. And then we added a moat to make an attack even more difficult. Both individuals and society at large understood how those fortifications worked – they could see them for themselves. They could assess exactly how thick and high the walls were; however deep the moat, they could understand it.
The challenge in the world of cybersecurity is that the individual lacks this understanding. It’s a completely new aspect of society that they haven’t been trained in for thousands of years. Most individuals barely have a basic understanding of cybersecurity – because most of this knowledge resides in the domain of corporations.
Trust and the individual
To bring individuals into the cybersecurity fold, we need to understand how trust functions in their minds, and use the behaviors that are already embedded deeply inside them. The archaic patterns of trust and security still work, but the electronic world adds an extra layer. We need to find a way to create a culture of trust covering this additional layer, and generate acceptance within people’s thinking.
We have tried to build electronic trust by doing everything possible to ensure our infrastructure is both threat-resistant and risk-tolerant. However, we haven’t truly understood what gives individuals a feeling of safety.
We have tried to build electronic trust within institutions by validating user and device identity at the system point of entry, identifying and mitigating against vulnerabilities – and by doing everything possible to ensure our infrastructure is both threat-resistant and risk-tolerant. However, we haven’t truly understood what gives individuals a feeling of safety.
We’ve moved swiftly from mainframes to networks and a more disseminated model of computer work, to the ultimate network – the internet. Using the internet has become fundamental; to participate in the electronic world you need to use it. And if everyone needs to use it, then talking about trust and accountability means we need to think globally.
Employees work in small, interconnected satellites – connected with the company, each other, and the world at large – and we need to build small spheres of security around each one.
We also need to realize that the Covid-19 pandemic pushed us into the next stage, which is not a disseminated model so much as an atomized one. It’s not even about working from home: employees can work from anywhere now. No longer do 2,000 people arrive at work at the same time and leave at the same time – the shift has happened, and there’s no indication that the working world will return to its former model.
Now employees work in small, interconnected satellites – connected with the company, each other, and the world at large – and we need to build small spheres of security around each one. The same applies to consumers, who interact very differently with companies now.
For instance, consumers interact with companies far more on digital channels now, particularly in the aftermath of the pandemic, and as a result are taking more control over how their data is used and secured. They, too, need spheres of security around them – which means we need to find solutions to cover the entire chain of reliability.
Planning for the future
The challenge is to bring the security of those satellites to the same level as that of the corporation. As we do that, we cannot afford to neglect the human aspect, because trust is partly a logical proposition, and partly an emotional one – we put our trust in other human beings, whether or not that decision seems rational.
Trust is partly a logical proposition, and partly an emotional one. This means that those of us who work in cybersecurity will need to be well skilled in communication.
This means that those of us who work in cybersecurity will need to be well skilled in communication – and not many of us are. Basic communication skills are not taught in schools and universities, so we will need to build that expertise, and educate ourselves in being human.
If we don’t invest in learning to communicate well, employees will not have any empathetic relationship with the companies they work for, and those companies will become interchangeable. How we are joined together depends on the emotional domain – we can’t treat people like robots.What we need instead is to create awareness about cybersecurity concerns and take action, and start talking about them in a new way, in a human way, with understanding. And we need to do all of this in the so-called post-truth world, where the manipulation of truth and creating uncertainty have become industrialized.
In this environment, then, how do we seal the scroll, glue the envelope closed, light the watchman’s lamp? We watch and guard the process, and allow for legal frameworks that can govern the virtual world. We thoroughly educate individuals about the dangers they face, and take the threats seriously ourselves.
And we plan for a future where we build trust in all of our institutions with an understanding of human behavior, with empathy, and above all, with true foresight – the kind of awareness and planning that will enable us to respond quickly and effectively to future threats.
