It’s been a while since my last overly alarmist IT security rant, and with the holiday season just past—when millions of IoT devices flooded our homes and offices—I figure what better time to scare the crap out of the general public.
But, in this instance, it’s not actually about scaring people. It’s more about acknowledging and accepting the human condition for what it is, and working to mitigate risk against it. Case in point, the far-too-many aspects of the IT security arms race.
The human factor plays into almost all of it
After all, it’s humans who build the networks, it’s humans who write the code to attack the networks, and it’s humans who in turn work to defend said networks. Simply put, technology has little to do with technological warfare … sort of.
The best way to approach this on a human level is to look closely at all those involved in preparing for and fighting against cyberattacks. It introduces a new perspective: how we all need to work together, and who we need to work with.
- The magical IT Department can do anything
Firstly, there is IT—the department within any organization that is generally responsible for making any company function on a day-to-day basis. It’s this department that takes the brunt of the abuse from both the nefarious outside cyber attackers and the crushing expectations of those who live inside the four walls—those who think IT people can and will be able to do absolutely any task no matter the complexity.
A tough place to be, right? History dictates a view of IT that falls into expectations that can only be described as magical. An all-seeing, all-knowing group of people who will keep us safe, warm, and business ready at all times. And when new technology is introduced, that very magic is wielded in such a way that everyone in IT is instantly endowed with all knowledge as though they were plugged into The Matrix like Keanu Reeves.
And, as an IT person myself, I think I speak for all of us when I say, “NOT FAIR!”—especially when it concerns IT security. Knowing the time and effort it takes to become an expert in just one aspect of technology, people need to understand that IT departments need help. Engaging with outside IT security specialists is not admitting defeat—it’s admitting that you are smart enough to hire the right people to help defend the masses.
- Partners keeping would-be attackers at bay
Which, of course, brings us to the next human element: the partners. Engaging with IT security partners chips away at human vulnerability. It does away with hubris, as well as a lack of confidence, creating a level playing field whereby two entities come together for the common good to establish the right technology, the right infrastructure, the right protocols, and the right habits all designed as an interconnected ecosystem of smart people doing smart things to keep would-be attackers at bay.
- Folks outside IT are sometimes the attacker’s best friend
Then we have the folks outside IT. The people you smile at in the halls and at company events; the people you work with on inter-departmental projects; and people you perhaps bowl with. So, what do they have to do with IT security … a hell of a lot!
It’s the people who are outside of the know who can sometimes be unwittingly the attacker’s best friend, and the worst enemy to those who employ them. Why? Again, the human condition. Without knowing the seedy underbelly of IT and all things bad in the world, they can let the Trojan horse through the proverbial gates. Not because they are in any way involved with the so-called attackers, more because they love horses. Not understanding cybersecurity is a human issue that revolves around constant education. Giving real-world examples of how they can be compromised can transform them from would-be and unknowing accomplices to heavily armed guards at the cyber gate.
Lifting the veil to teach them the do’s and don’ts, along with letting them know they shouldn’t be embarrassed if and when they become a victim, will help lock down the fortress that much more. Again, addressing the human factor without getting too embroiled in technology.
Humans, shore up your defences against cyberattacks or else
As our world continues to evolve, there will be more attacks on the horizon. From DDoS attacks leveraging IoT devices, to mobile intrusions, to ransomware, and more—no one can prevent attacks like us humans.
And if we should ever fall to the rise of the machines like some post-apocalyptic Christian Bale movie, I for one welcome our new machine overlords and hope for a job that doesn’t involve a wireless shock collar—although as an IoT device it may be easy to hack and use to defeat the robots … only time and human history will tell.
Originally Published in DirectionIT Issue 7.
- I welcome our new machine overlords - Aug 29, 2018