In this new series, CUBE, in collaboration with the Canadian Regulatory Technology Association (CRTA), speaks to industry experts about cyber strategies in the ‘new normal’. As the coronavirus pandemic has swept the globe, businesses have been forced to re-examine their approach to cyber. In the first of the series, Dr. Jacqui Taylor explores the Human Element of Cybersecurity.
Are you ready for the #cybernewnormal?
As an International Web Scientist, I can tell you that by the end of 2019 over 50% of the world was online: over 4 billion people. The global online community has been increasing by approximately 10% per year since 2005. The World Wide Web is a fabric of permanence which technology has been leveraging to connect the world, the so-called globalisation of our society. This technical revolution has benefitted every connected person based on their use of the technology. However, it has its dark side.
Based on an IBM survey, 77% of all organisations are not prepared for a Cyber Crisis. Insider threat is still a real risk, and we have come to associate this risk with exposure of personal data.
Based on a 2019 data exposure report, 69% of companies admit that employees and contractors were the source of the leaks; obviously these were not predominantly malicious.
As part of the ITU survey for 2019, in 40 of the 84 countries less than 50% of the population has basic computer skills. It may surprise you to know that basic digital skills were considered by ITU to be whether staff could copy files or use email.
Cyber hygiene is very poor in our workforce across the countries we have data for, so we have to assume it is worse in those countries where we do not have data.
As CEO of FlyingBinary, where we change the world with DeepTech, I am an Expert Advisor to the G20 and the United Nations. I have assessed the risks for Critical National Infrastructure and the Cyber risks related to the build out of the industrial IoT in the global Digital Economies. At the end of 2019, we had 9.5 billion connected devices being integrated into networks, our supply chains and of course our homes.
This was the known Cyber landscape before the world at large was aware of the impending Covid-19 crisis, which would of course ultimately lead to the current pandemic. Some nations are now easing out of their Isolation Economies but, as shown by the recent reintroduction of lockdown measures in some areas of the world, this crisis is far from over whilst we still do not have a vaccine.
The Covid-19 crisis has demonstrated never-before-seen co-operation in organisations, across nations, across our economies AND between cyber criminals. Work from Home (WFH) has become the norm for over 1 billion people; the most well-prepared cohort for this change was the cyber criminals, who already work online.
Every nation has struggled with the phenomenon of WFH in this pre-vaccine pandemic; from a Cyber point of view it has been just like a zero-day exploit, across the entire world.
The Human Element
The biggest cyber risk right now is our people. Essentially the Isolation Economy has accelerated a new social contract which is predominantly online. WFH is a reality for our future businesses. Tech is the predominant driver for all organisations now, but that makes every business leveraging technology vulnerable. Cyber is now an operational risk for everyone’s business, which means we need to re-examine all aspects of our cybersecurity strategies, particularly related to understanding the key risks relating to people. Considerations include:
- How the WFH environment affects the potential for insider threats and risk – especially in financial services.
- Ensuring employees receive effective training and are suitably aware of their increased vulnerability in a WFH environment.
- The blurring of boundaries between work and home life owing to WFH – and how this may affect threat monitoring scenarios.
- Ensuring firms and employees capture, monitor and implement the new regulatory rules and policies that will undoubtedly be a product of the ‘new normal’.
The Industrial Internet of Things (IIoT)
Managing people to minimise and mitigate cyber threats is imperative; however, all organisations must alter their responses in the context of the landscape currently in operation with the emergence of the Industrial Internet of Things (IIoT). This is not simply a digital transformation, but a far wider, all-encompassing issue.
IIoT builds out the risks I have articulated for businesses, which means we have a totally different Cyber risk scenario to manage:
- The architecture is fully distributed, not centralised.
- It uses different business models, not just different commercial models.
- From a Cyber perspective, threat-based approaches don’t, and won’t, work for IIoT.
- Cyber Risk based approaches are the core proposition for IIoT.
- IIoT architecture is distributed, with the focus on Core and Endpoint, not Edge services.
Listen to the experts
On the 25th August, the CRTA and CUBE hosted an audience-led roundtable that discussed the new normal for cyber. You can listen to it on our catch up service now.