We’re focused on…
Whether or not cybersecurity professionals are annoying.
Hold on, what?
We spoke to Wojtek Swiatek (VP and CISO at Dassault Systèmes), and he said:
“Cybersecurity is often seen as either a role where you annoy everyone, or technical wizardry. It is however primarily a communication job where you aim to bridge real-life risks with the objectives of your organisation.”
So what are you: annoying, or a wizard?
Our perspective is that you are neither annoying, nor a wizard. Hopefully most of your colleagues and customers agree.
But Swiatek’s point is that most people don’t understand cybersecurity well enough, and that’s why their view of what the industry does is polarised: they’re either in awe of us or irritated by us.
And the lack of understanding has implications that go far beyond the perceived identity of cybersecurity professionals.
What misunderstanding can mean for cyber crime victims
The UK government co-produced a report called A Call to Action: The Cyber Aware Perception Gap. It noted several implications of the lack of cyber awareness:
The public are likely to feel that cyber crime is victimless, even when they know about the consequences that a particular victim has suffered (like losing money or having to fight to regain control over their own identity)
The public are far less likely to report that they’ve been a victim of a cyber crime than a ‘traditional’ crime
People underestimate the likelihood that they’ll be the target for cyber criminals
There’s a widespread belief that threat actors are only interested in big businesses or celebrities, and don’t attack ‘ordinary’ people
And a common misconception that cyber crimes don’t carry serious consequences for individual victims
All of this adds up. The lack of awareness means that many people aren’t learning about how to protect themselves and their information.
And from the information security side, that creates a huge communication challenge. Often, we feel like we’re talking to a brick wall: we share critical information and really valuable tools to help people safeguard their data, but very few people really care.
The perception gap is bad for businesses as well as individuals
As well as leaving themselves at risk, people who underestimate cyber threats are also putting their workplaces at risk – and even the businesses and government organisations they interact with as customers or citizens.
When a customer is the vulnerable entry point that attackers use to access a company’s network, it’s the company that gets blamed for the breach.
Password re-use attacks are a clear example of poorly informed customers being leveraged as a point-of-entry. Hackers take customer login details from one website, and then use them to hack into accounts on other websites, because the customer is using the same password across multiple businesses.
UK national lottery owner Camelot and delivery service Deliveroo have both been hit by large-scale bad press as a result of attacks like this – and it’s happening all over the world.
So it’s not enough to be annoying, or a wizard (or an annoying wizard)
We can’t roll our eyes and shrug it off. Because if individuals perceive cybersecurity work as an annoyance, or as a magical and mysterious endeavour, that means they don’t understand what’s going on.
They don’t know that cybersecurity isn’t a piece of code or a firewall or a room full of experts tapping away at keyboards.
They don’t know that cybersecurity is rooted in communication; or that they play a crucial role in their own security, and in the collective security of their professional and personal communities.
And they need to know that.
Read our full interview with Wojtek Swiatek: Cybersecurity in orbit.