Author: Guy Golan, CEO, Performanta
There are books I have read that have had a deep impact on me; Sapiens, by Yuval Noah Harari, is one of them. In this analysis of the history of humankind, a particular sentence struck me: ‘It takes a tribe to raise a human’.
The book describes how a colt can trot after its birth and a kitten can leave its mother when it is just two weeks old, whereas a human baby is dependant for sustenance, protection and education from elders, for many years. Our childhood nurturing contributes to us not only having extraordinary social abilities, but also our own unique social problems. This is when I realised that this can also be paradoxically true of the cyber security world.
The evolution from cyber security to enterprise cyber safety
As humankind has evolved, years of education and innovation have increased our brain-power, allowing us to create an amazing technological landscape rich in functionality and automation. And a landscape that’s equally rich in opportunity as an attack surface. Each evolution seems to increase with speed and the advent of the fourth industrial revolution is testament to that. Data science, AI and machine learning are not just buzz words, they’re embedded into the fabric of our daily lives.
There’s a glaring dichotomy within the information security industry that many choose to ignore; while technology solutions offer defence, attacks are still able to penetrate organisations. History has taught us that co-operation leads to progress, yet the cyber security world still fundamentally works in siloes. We have adopted multiple technologies, that mostly, do not work together. Many lack the skills and time to optimise their technology investments, so much of the functionality is left unexplored. Finally, if it’s not kept up-to-date, it can be readily exploited; we only have to look at what happened with Wannacry to see the full effect of this.
The media plays out the story of major breaches in real-time, the security industry all stake the same claims, yet the cold hard truth is that many organisations still have no understanding of whether they are, or have been, under attack - they are simply unaware.
Those who do have strong defences in place are leapfrogging into the position of ‘secure’; they know when they’re under attack, but they are still battling with their business continuity during this time. So, while a vital component, security gaps cannot be plugged with technology alone. Good security is bespoke security – co-dependent on intelligence, technology, people, process – the list goes on.
Tribes understand the value of cooperation. They stand together, each performing an essential function, working for the same purpose and being intrinsically interdependent on one another. More importantly, the warning signs are out there; if we move from a ‘tribe’ mentality to a world of just ‘individuals’ this brings great risk for our future. The same ethos applies to security.
The focus needs to shift from technology to risk; building integrated and constantly-evolving unique defences that focus on the level of risk to each and every individual business. Every decision made in an organisation must be approached at a higher level – ensuring the synergy between all the component parts. The discussion must range from tech through to exec.
It’s time to change the way we think about security; moving the goalpost and evolving from ‘secure’ to ‘safe’. There’s no time to lose. This transition to ‘enterprise cyber safety’ must happen now. And let’s be clear; I would not be suggesting this if I did not believe this is achievable.
‘Safe’ is not a final destination but it means that you can demonstrate a level of maturity that allows for automation and preventative measures. With ‘safe’ you’re fully remediated against the impact of any future attacks, enabling business continuity, while being in an environment ripe for IT innovation and evolution. Those forever playing catch-up risk running out of steam - fast. By re-thinking cyber security we can all be part of this tectonic shift.
There are many facets to a tribe, and by joining together, they create a sum that is greater than the individual parts. History has taught us to adapt, or face extinction. It’s time to nurture a change in security thinking, because if it takes a tribe to raise a human, surely it takes a tribe to build enterprise cyber safety.