Following a series high-profile cyber attacks, most cyber security professionals predict the 2018 outlook will be bleak. Today, it seems scarcely a day goes by without a new article or opinion piece cropping up to remind us of the threat of impending cyber doom.
I take a slightly different view, and do so for the following seven reasons.
- Cyber security is about more than just “technology” and “security”. Cyber security is also about our environment, our societies and arguably, our evolution. The stakes are high. And with the stakes so high and the threat increasing, I believe we can expect people to begin responding accordingly. We human beings have a remarkable habit of finding inspiration through desperation. I believe, as cyber threats and risks increase, cyber security will advance at an even greater rate.
- As time goes on, we are beginning to see greater levels of sharing and collaboration. The UK financial services firm Barclays recently launched a marketing campaign designed to increase cyber security awareness. Similarly, the Institution of Engineering and Technology’s Cyber Security Hub brings together engineers and cyber security specialists to share insights and developments. While neither are likely to be entirely selfless, the fact that such initiatives now exist offers incredible hope for a dramatically more secure future. There are many other examples of such collaboration and information sharing.
- The increased threat is forcing us to resolve some serious issues. For far too long, people have avoided several big issues within cyber security. Privacy has arguably been an afterthought. National security implications have not been understood as well as they might. Cyber security education has been woefully lacking. And the lack of diversity within the information security community has meant we have a long way to go before we can truly claim to be tapping into all talent society has to offer. Today, the landscape finally appears to be shifting with each new cyber security-related frontpage headline. The EU’s new General Data Protection Regulations seek to positively address issues concerning privacy. To enhance national security, the UK recently opened a new National Cyber Security Centre at GCHQ. And as part of its cyber security strategy, the UK government has pledged to invest in cyber apprenticeships, retraining schemes and advanced cyber security teaching in schools. And these are just in Europe and the UK. All over the globe there are clear signs the world is beginning to stir.
- Increasing threats are fuelling demands for better cyber security provision. In turn, stronger demands are creating opportunities for disruptive start-ups who simply do what is needed better than most. The end result are better technological protections – such as behavioural biometrics and intelligent whitelisting – but also increases in the extra precautions people take. Each successful new endeavour makes the world a better, safer place.
- Our governments are stepping up. Despite some clear exceptions, the reality is most governments seek to enhance their country’s welfare. Governments might be cash-strained and often tardy but cyber security finally seems to be getting the attention it deserves. In 2016, the Australian government pledged to invest $AU 230 million in cyber security improvements. More recently, the UK government set aside £1.9 billion to enact a new cyber security strategy. Although governments won’t be able to revolutionise security on their own, when combined with support from citizens and businesses, their investments have the potential to permanently enhance security worldwide.
- People are both the key and an underutilised resource. Too many businesses still see cyber security training as an exercise to keep regulators happy, and therefore offer tick-box training that does little to change people’s behaviour in practice. The result is today’s status quo – insufficient cyber security awareness, unnecessarily risky behaviour and frequent and increasingly severe cyber attacks. It’s a status quo we no longer need to accept. Training that changes behaviour now exists. After decades of being labelled a weakness, people stand poised to become our ultimate resource. Forward-thinking businesses are already cottoning on. Those that still see behavioural change as a “nice-to-have” are likely to have a tough road ahead.
- The status quo is overrated anyway. It’s hard to argue that, today, cyber security for most businesses is where it needs to be. But things change. Societies evolve. Technology progresses and people adapt. Humans have an innate tendency to fear change – a tendency possibly linked to our aversion to loss. But in the case of cyber security, change must be embraced. The current status quo is now unsustainable. I believe, in time, good people will hit back.
For these reasons, I’m more positive than most when it comes to cyber security in 2018. We’ve overcome global challenges before and when pushed, are capable of some amazing feats.
Oz Alashe is CEO & Founder at CybSafe and co-author of Tackling the Human Aspect of Cyber Security: The Psychology of a Law Firm.