Next Generation of Cyber Security
As I walked through RSA last week, I was struck by the usual fear laden messages “You’re not safe and never will be but I (vendor) have a silver bullet that will protect you.” And, I wondered if this fear-based approach is deterring a badly needed next generation of cyber security approaches.
For as long as I have been in the security industry, the focus has been on selling fear and today that fear is firmly anchored around cyber attacks and what could happen when attackers compromise your network and get a hold of your data. As much as the specter of cyber attacks is real the paranoia and hysteria that accompanies it often gets in the way of finding real solutions. While there were some new and innovative technologies on show at RSA this year, many vendors are still touting yesteryear technologies and approaches.
Expanding Data Networks
In the Workplace, digitization has changed how we work – it goes beyond the devices we use and where and when we work, and more to the tools and data and our interactions with a expanding networks of people and data. Yet, despite the fear around security breaches, there are few security approaches that truly focus on securing at the data layer with a contextual focus on people and the expanding number of applications in use today.
Digitization increasingly shapes our everyday lives. It’s changed how we manage our personal finances and how we form networks and connect with people socially. Yet despite much media hype around increasing cybercrime, approaches to staying safe online are seem lax compared to the precautions that people might take with their physical safety. For example, parents who would not leave their children unsupervised while outdoors will let young children play on Internet-connected tablet devices, without adequate safety precautions, potentially putting their children at risk at being exposed and in the longer term being exploited online.
So how do we usher in a next generation of cyber security approaches
- Children need online safety programs as part of their curriculum. And, to do this successfully, requires that resources also be injected into teacher training and awareness of where to focus and how to make cyber security enticing.
- Parents and families need to get involved. A key finding from a recent study Addressing Gender Gaps in Teens Cyber Security and Self Efficacy was that teen girls were likely to develop confidence and interest in cybersecurity through informal approaches. It’s a great opportunity for cybersecurity practitioners to become role models and mentors to a younger generation.
- I noted earlier that many cyber security approaches lag as much as 10 years behind the business landscape. Overhauling industry approaches is difficult when approaches and toolsets have been in use for decades. That’s where reverse mentoring can play a role. Partnering with young people is not just about them learning from us; it’s about what we can learn from them.
- It’s time to finally drop the fear-based messaging. That would help us focus on what really needs to be fixed versus exploiting fear.
By Evelyn de Souza
Evelyn de Souza focuses on developing industry blueprints that accelerate secure cloud adoption for business as well as everyday living. She currently serves as the Chair of the newly formed Cloud Security Alliance (CSA) data governance and privacy working group. Evelyn was named to CloudNOW’s Top 10 Women in Cloud Computing for 2014 and SVBJ’s 100 Women of Influence for 2015. Evelyn is the co-creator of Cloud Data Protection Cert, the industry’s first blueprint for making data protection “business-consumable” and is currently working on a data protection heatmap that attempts to streamline the data privacy landscape.