It could be argued that cyber security originated primarily as a technical issue.
Vulnerabilities in software were initially exploited to cause disruption, but as soon as financial transactions were allowed on the internet, these vulnerabilities were exploited for criminal gain. Wherever there is criminal activity, law enforcement attempts to quash it; if it fails to, the activity increases and the entire issue becomes political.
The website ‘The Atlantic’ this week discussed how cyber security may now have become ‘so’ political. The piece references in depth the recent change in leadership and government in the USA and how, during the election campaign, the incoming administration promised to make cybersecurity “an immediate and top priority”.
It then goes on to report on a trail of cyber security problems that have plagued this new administration in its first few weeks, from the new president using his personal smartphone through to the official Twitter account of the President, @POTUS, having poor security settings.
It would appear that they do need to get their own house in order before any findings, and subsequent recommendations, from their pledges to resolve national cyber security issues will have any credibility at all.
Fortune magazine ran a piece asking how, with hundreds and hundreds of cyber security vendors in the market, all promising to protect you or your organisation from an imminent disaster, you go about selecting one. Is it better to go with the bigger and more established ones?
They suggest that the “average business customer, however, lacks the time and money to sort the saviours from the snake oil. That’s why, in cyber, there’s a strong case for faith in big companies: They have the resources to protect your business and, if a new security bell or whistle emerges, they will know about it. Meanwhile, customers won’t waste their time with flash-in-the-pan products.” Although I understand their soft recommendation here, it does suggest that the people making decisions on cyber security mitigation are just going for an easy answer, as opposed to fully understanding their own vulnerabilities.
There is no ‘one size fits all’ in cyber security, due to the incredibly diverse nature of each and every company’s IT infrastructure. So, there is no guarantee that a big company will be any more effective than a smaller company. But then, are many people trying to buy peace of mind, as opposed to genuinely resolving the technical, management and procedural issues of this subject? Perhaps that’s the question to ask, as opposed to the one about a cyber vendor’s size.
Of course, selecting a vendor, especially one that is hopefully going to protect the digital assets of an organisation, is usually going to need approval from the board. Hence it’s slightly concerning that, according to a report by Bloomberg, only 5 percent of large U.K. companies say their boards include directors with expertise in information technology or cyber security.
Does this mean that those at board level are again making decisions without fully appreciating the nuances of the challenges that they face? Maybe it’s them just ‘going with’ the big cyber security vendors as it’s an easier decision? I’d be willing to go out on a limb here and say that if this is the case, then chances are the members of these boards are probably using their own personal phones for business use and perhaps have relatively low security protecting their businesses’ social media accounts. Is it any wonder that it’s all got so political?
For links to all these stories and more, or to contribute some comments, join us by searching for the National Cyber Skills Centre on our social channels of Facebook, LinkedIn and Twitter, or just click the relevant links from our website.