CRACKING THE CODE ON CYBER SECURITY RISK

Simon Sinek, the British-American author and inspirational speaker, talks about trying to understand the “why” in aspects of business leadership in his book ‘Start with Why’. This helps us understand the underlying causes, needs or desires of a situation, leader or team member. Companies that are constantly fighting a seemingly never-ending defensive battle over cyber security usually have a ‘why did this happen?’ moment.

This article is not going to explore things from the threat actor’s perspective, but instead will look inward to understand the why related to the risk businesses and society holistically face – a culture that thrives on seemingly never-ending cyber security issues or incidents.

One of the first truths of the information security industry is that technology is not the problem; people are the problem. Technology, for the most part, works the way it is intended. People’s interactions with and understanding of that technology are imperfect. People are flawed and do not apply algorithms consistently when dealing with technology. Some will argue that technology becomes flawed or can be flawed intentionally. We will not be dealing with the merits of this concept for the purposes of this article.

Many reasons cause the ‘people problem’. One of the top issues is the speed of business. People’s interaction with technology (and strategy and regulation and each other) makes it the one risk companies can do almost nothing about. So, the solution comes down to correcting the culture that encompasses those people.

Jul-Sep 2022 Issue

ISACA