The Threats to Our Current Digital State and Our Responsibility as Cyber Security Professionals
As long as humans are humans that utilize technology, we will never reach complete digital security. We can, however, make strides to exist with safety in mind. Just as we walk down the street, aware of the cars that pass by and the dangers of the physical world, we have to ingrain the same level of awareness as digital citizens in a world built with hand-crafted code.
The roads we drive on for work, family, or anything else we may be up to, can be riddled with potholes, road signs, directions, misguided information, and fun activities- it's up to us to understand how we can be affected by the dangers, the distractions, and the guidance we find all while ensuring the safety of ourselves, our passengers and others in a vehicle we are responsible for maintaining and fueling.
The physical infrastructure with its strengths and weaknesses is no different than the digital infrastructure that is provided by the code we utilize to travel through our digital environments. Just as road material varies from region to region depending on availability and the craftsmanship utilized, coding can vary greatly from developer to developer. The same challenges that face the physical infrastructure affect our digital building blocks too and the ability to ensure safety is just as important but cannot be standardized from one location to the other. Our online architecture is the same.
The average internet user has little to no information or interest in cybersecurity.
Cybersecurity training and curriculum must be made interesting for employees and students. It needs to be a part of everything we do, not just a training exercise. Before you are given a loaded gun you need to know which end is dangerous and the consequences of not wielding it properly. We’re giving accounts and login credentials to people without properly explaining what the use of these things means to not only their ability to utilize platforms and tools, but to their own safety and the safety of the organizations they are associated with. It’s not cybersecurity training- it's digital safety and the sooner we all adopt the change in perspective, the better.
The internet- the way it functions, the way it’s built, and how we use it should be discussed in a way that is easy enough for a child to understand. Children use it.
It is the responsibility of everyone who uses a thing to be responsible while using it; not only for their own safety but for the safety of those around them. You can be hyper aware of your own digital persona, but if your family and friends announce that big trip you took, or where you may be headed, or any other personally identifying information about you, it can be leveraged to target you and everyone around you, including the networks and data that are leveraged by each individual.
So, how should companies ensure that their data doesn't end up for sale via the dark web or other means? You can’t ensure it won’t. But having a proper cybersecurity strategy in place will greatly reduce the risk. Organizations should all assume the data is out there and that the credentials have already been compromised- but with technologies that seek to remove the need for passwords completely, and even the multifactor settings that are currently an option for many platforms and identity management controls, this will no longer be the issue it is currently. The simplest answer is likely the best more often than not.
Almost every recent breach and spread of ransomware can be traced back to compromised credentials.
Cybersecurity tools are largely credited with providing online privacy and security. In my opinion, these tools alone are ineffective against growing online threats. Just as owning a hammer doesn’t get your house built, owning tools and expecting them to just work is silly. You need staff trained to wield them. You need to be aware if there are more efficient ways to do a job too- example: Now that you know how to use a hammer and use it well, are you ready to move on to a nail gun? Will that cost be justified in the time and effort that is saved? If you’re building a whole house maybe- if you’re building something smaller, you may not need to purchase something so robust. It all depends- but none of these things are valuable on their own.
IT teams have the most challenging job – to keep intruders away and ensure the digital infrastructure is safe. Reliance on IT teams should be increased, not decreased. Our reliance on the systems they maintain isn’t tracking down- why on Earth would our reliance on the people putting the processes into place be reduced? There are ways, however, to increase their efficiency and their passion for security. Support from the top is always a great place to start with that. Security and IT should be a part of every conversation a business has about strategy. An easy way to determine whether or not these teams should be included is for organizations to ask themselves- is this process going to depend on hardware and software? Yes? Go grab the hardware and software people.
Having their collaborative wisdom added to these discussions is pivotal for business continuity. You wouldn’t allow your employees to work in a physically unsafe environment or your consumers to do business in a compromised space- traditionally you bring in safety experts to consult in those sorts of plans. Understanding that the digital environment IS just as important as the physical is a challenge that we are all trying to overcome nowadays, and many businesses already have the brain power on staff to avoid silly digital mistakes- but they have to be invited to the table.
Online privacy is, of course, a concern. Being able to safely share banking information, product preferences, health information, or any sort of Personally Identifiable Information (PII for short) is one of the ways that consumers come to trust an organization. It is up to the organization to protect that trust and up to the consumers to understand how much they can trust a business. Traditionally this is done in the US through programs like the Better Business Bureau (also known as the BBB), as well as other trusted references, etc.
Nowadays, with the spread of disinformation and consumers being presented with so many options, it’s hard for them to recognize when to trust, how to trust and why they can trust an organization.
Privacy is compromised and given up in lieu of convenience, platform usage terms, and ease of use. Most of the general public doesn’t fully understand how their information can be used against them. They only fully understand once their business processes are shut down for extended periods of time, their financial accounts are empty, or law enforcement is at their door asking hard questions. Compliance requirements like FERPA, HIPAA, etc. strive to give organizations a handle on the who, what, when, where, and how- but these compliance building blocks can be interpreted in different ways due to the fact that they have to blanket so many different digital infrastructures.
Due to my volunteer work, my day is likely the same as everyone else’s day- but my perspective on my interactions may be vastly different. I find myself considering how every interaction can or possibly could benefit from knowing the Innocent Lives Foundation, how they can help and how the resources they provide can be useful.
For example, I had a luncheon with a CISO of a private university last week- This person is a client of SecureNation. During our usual pleasantries and IT/Security roadmap discussions they mentioned that their 7-year-old had a YouTube channel that was gaining popularity.
The conversation quickly turned from usual business dealings to concern for their child’s digital safety as well as the digital safety of the viewers that they attracted.
We will have a meeting later this week to walk through the privacy and chat settings of the minor’s channel.
I am also keenly aware of the darkness that exists not only in our physical realm but also the digital play land we have created and bridged from one nation to the next. To be an IT/Cybersecurity professional means you also either intentionally or unintentionally know some of the methods that are utilized to extract and expose our human vulnerabilities. My organization, SecureNation, is focused on all things cybersecurity. I, as a mother of 3 small children that do utilize internet accessible devices for learning and play, find myself focusing on authentication platforms, privacy settings, network controlling and monitoring features of applications. I also tend to advocate for user education.
A loaded gun, by itself, is not dangerous. It’s the user's education and intentions that determine the safety level of any weapon. The internet is not the thing that is dangerous- it's the users that make it that way and it’s up to us in the industry to connect the users to proper training and education on how to use it in a way that doesn’t weaponize the way we connect to the rest of the world.
Work and life for me is one constant strand of consciousness. My work focuses on bringing people, processes, and technology together safely to fulfill business outcomes and continuity. When we’re spending time together as a family we are, in one way or another, interacting with devices that are connected. By having my mobile device on my side, a threat actor could potentially know what park I’ve taken my children to, or what my plans are with others by reading my messages. They could potentially unlock my doors that are also connected, turn my clothes dryer on and overheat it, take pictures of the inside of my refrigerator, take control of my home’s safety systems, or infiltrate the viewing and gaming systems we use- They could speak to my family through our connected devices. I spend most of my time understanding the platforms we utilize for fun and ensuring that we are doing that in the most safe and secure way possible. I am afraid that is not how many families are operating. It may seem overanxious, but I ask you- what do you pack when you’re planning a trip to, say, the beach? Sunscreen, appropriate clothing, activities, health and hygiene products, or snacks for the road? You could probably list a million things that I’ve forgotten and many of us add to the list with experience and wisdom of previous trips- I do the same, but add to it all the ways I know to protect my family’s fun and folly from a digital perspective too.
In pursuit of a safer digital experience we must all band together, not only those of us in the industry, but also outside of the industry. With patience, empathy and time taken to understand what is important to each of us as organizations and as individuals, we can achieve safer spaces for us to exist digitally.
Global Cybersecurity Leader. CEO Janos LLC. Named 2024 Top CISO & Cyber Leader! Practices at intersection of Technology, Law, Compliance & Policy. CISSP & LPEC certified (Ethics/ Compliance). Website dianejanosek.com
3y Thank you Rachel Arnold for your well-written article! Take a look at XRSI Kavya Pearlman ⚠️ Safety First ⚠️ as your passions to protect children align. #StrongerTogether
AI Strategist, Chief Of AI VCISO, Keynote speaker, LLM Whisperer, Passionate about people, Neuro Diverse Thinker
3y Wise words, well done!
VP Enterprise Risk Management and Chief Security Officer at Heritage Valley Health System
3y Rachel, I'm loving the concept of "digital safety" and the analogies you provided. Just like seat belts and air bag adoption, our culture will need to mature and understand the value and benefit of having a baseline of security best practices established in their personal lives. Unfortunately, just like automotive safety, there will be far too many casualties before society is ready to change.
MNCM MISM MBA | ICT/InfoSec: Strategic Management, PLM, Market & Business Development
3y We just may have to upgrade you from an API to more of a systems/thought integrator role! 🤔 Nice work!!!
Director of Cyber Security Operations - Global Threat Management
3y Well written! The more we refer to this as "cybersafety" over cybersecurity I think the average technology user will respond to the word Safety and will naturally pay more attention and pay attention to what is said next!