Dr Patrick Scolyer-Gray 04 Feb. 2021
The inside
Your organisation’s sensitive information is like the inside of an egg.
All the personnel, endpoints, IP, stored data and anything else of value are the egg white, and the yolk is the most valuable information, such as passwords. Any information that could be attractive to cyber threat actors is like this gooey interior: dynamic, soft, and dependent on protective casing for safety and structural integrity.
The shell
On the outside is the ‘hard shell’ of your cybersecurity infrastructure. This includes your firewalls, honeypots, network and application security, and more. Combined, these technologies form a protective barrier around your organisation’s vulnerable and valuable contents.
To ensure their security against cyber attacks, most organisations today add layers of protection, constantly updating and investing in different methods to improve the protective properties of their ‘eggshell’.
Cyber security experts know, however, that no shell is perfect. This protective shell can be cracked, peeled away or otherwise bypassed, ultimately leaving your organisational ‘insides’ exposed.
No infrastructure will be effective unless its security technologies are understood and adopted by the people they are meant to protect. So people – your people – are crucial to your organisation’s cyber security approach.
Cyber-sociology works with the weaknesses and strengths of your people to achieve a stronger security posture in your business.
Cyber-sociology seeks to change the properties of the egg’s contents so that your business is less vulnerable and less dependent on the eggshell for security.
Since we know that the eggshell will inevitably be breached, your people must be able to repel any attacks individually. If we demystify and increase cyber literacy and instil an intrinsic motivation to cultivate a security culture, then the threats presented by cyber threat actors are diminished. Any social engineering and vulnerabilities created by human errors are dramatically reduced.
It is important to recognise that once it has been hard-boiled, the egg still needs its shell.
A balance must be struck between strengthening both your human and technological capabilities. We must remember that our eggshell is still a critical deterrent to and shield from cyber attackers. The better maintained our firewalls and network security, the harder we are to ‘crack’.
And even if these outer defences are breached, we can still learn from our mistakes, educate our people and more efficiently and knowledgeably use our cyber security technology.
Cyber-sociology is a paradigm shift away from the conventional approach of layered technologies. It requires a shift in thinking and strategy. With a more human-centred approach, cyber-sociology offers new ways to efficiently use the infrastructure you already have in place and achieve a superior security posture at the same time.
To find out more about Human-Centric Cyber Security, you can reach out to Patrick Scolyer-Gray.
Human-Centric Cybersecurity Champion, Dr Patrick Scolyer-Gray, shares his knowledge and experience on all aspects of cybersecurity.