The Road to Cybersecurity: A Response
by Graham Westbrook
We recently read an article in which the author, Gregory Michaelidis, says the “road to cybersecurity is paved with extraordinarily basic things.” These are the same things that have plagued organizations for decades: failure to set strong passwords, patch devices, and avoid suspicious emails. In other words, these are the human things.
In light of Verizon’s newest Data Breach Investigation Report (DBIR), Michaelidis’ observation is ringing in our ears. The DBIR finds that companies are almost three times as likely to get breached by phishing attacks (against humans) as via vulnerabilities (against technology). Meanwhile, big budgets are spent acquiring the latest technology. Is it any wonder CSOs are shocked by a low return on investment?
The road to cybersecurity is so elusive because it is overshadowed by the highways of glittering technology: the solutions boasting of AI and machine learning, of “real-time” monitoring and of automated threat hunting. None of these things are bad. In fact, these things have catapulted us into the future. But they have done so at the expense of the basics, which are neglected at each intersection of the journey, such that we keep going in circles. The road to cybersecurity will be the one that views the journey “through the lens of people, and not only technology.”
The unofficial motto at Living Security is “security for people,” and we have invested years of cumulative research, time and energy into helping people get the basics right. We do this by integrating behavioral science, intelligence and gamified learning. Notice these are all human-oriented things, directly aimed at our industry’s biggest problems.
Why games? It doesn’t matter if you like hockey, Trivial Pursuit or bingo. (Or, God forbid, cricket.) We enjoy games because they are fun and because they help us interact with people to overcome challenges. Games also provide a unique context for us to learn and to communicate and to be human.
Graham Westbrook is the Director of Intelligence & Content at Living Security. He has a B.A. in Intelligence Studies and is currently pursuing an M.S. in Criminal Justice/Forensic Psychology. Graham is an intelligence practitioner at the intersection of cybersecurity and human risk. He has bylines at Russia Direct (RBTH), Leksika, SANS and Living Security, and will be speaking at RMISC 2019.