Senior Security Solution Architect, Vodafone Enterprise Security
It’s good to dream. We often spend so much time focusing on our current projects and future to-do lists, that we forget to step back and ask “Why are we doing these things?” and “How can I do this better?” However, when we do think about it, we might conclude it’s always been done that way or it’s simply too difficult to fix. This is why we have to dream and say “What if?” So, if I had a magic wand, what would I fix about cyber security?
It’s a big question – and perhaps in dreamland the obvious move would be to magic away the bad people trying to steal or break things. But unfortunately I don’t think it’s that straightforward. You see, even if we stopped the bad people wreaking havoc, we’d still have the good people making mistakes, data being lost and we’d still have security problems.
So what if we used our magic wand to create perfect code instead? The bad folk would still be malicious, but if there were no vulnerabilities in software, wouldn’t that stop them? We might be a bit closer, but even with perfect code, unless the design is also perfect there will still be areas vulnerable to abuse. So, let’s have our wand take aim at the design instead, and using our magic powers to the max, we imagine we have a user-proof design that passes the ‘ID Ten T’ test (also known as a user error). Is that what I would fix first? In a way it is, but you’ve spied more below, so you know there’s something else.
I’d use my magic wand to create the ‘perfect design’.
To get everyone – both security professionals and business leaders - communicating effectively. With everyone understanding the business outcomes and threats, and everyone understanding the security outcomes and threats; together we can magically generate a flawless set of requirements against which this ‘perfect design’ can be created.
So, it’s time to stop dreaming and think about the insight we’ve gained; even with a magic wand, the first thing to fix to improve your cyber security is the communication between ‘security’ and ‘the business’. Best of all, whilst a magic wand might make things easier, it’s not essential. We must ensure that when we’re communicating around our business, we’re doing so in a way that the recipient both understands and identifies with, and that we help them to communicate with us in a reciprocal way.
So as well as taking the time to dream now and again, I urge you to take the time to consider how you communicate and ensure that you maximise every interaction, because as our research shows, organisations that value security tend to perform better than those that don’t. If you can’t articulate the value of security and your security requirements in language your business can understand, you’ll end up with security nightmares.
Cyber security is a key concern for organisations of all sizes. Protecting devices, networks, data and apps is an essential component of doing business. Vodafone provides security products and services to businesses of all sizes, helping you secure your business anywhere because we are everywhere. We are trusted by organisations globally, including utilities, financial institutions and government agencies. For more cyber security insights, you can find us on Twitter and LinkedIn.