Securing the future – Understanding cyber security
20 Jun 2016
Cyber security is often understood by executives in tactical terms – protecting elements of their organisation’s IT systems and securing parts of their sensitive data. There’s a tendency to view each item of cyber defence disparately, rather than holistically; any given problem can be patched with a firewall here, an access control there or an enhanced process. It’s an incremental approach, and it’s understandable, considering time and budgetary constraints, but leaders need to fundamentally change their attitude to cyber security if they are going to improve their posture against the greater threats to come.
The internet and the IT industry are in historical terms very immature. Although some of the early infrastructure was the offshoot of military wartime resilience planning, the internet as it emerged in the late 80s and 90s was very much conceived as an open source community, sharing knowledge, and was inherently insecure. Security was viewed as an addition to this model, reluctantly and haphazardly applied as the need arose.
In many ways, the development of the IT industry mirrors that of the car industry; early models focused on basic utility, followed by speed-to-market, and tolerated woeful safety records. The big change came with the publication in 1965 of Ralph Nader’s book “Unsafe at any speed” which excoriated the industry for its cavalier attitude to safety and was one of the great drivers behind the introduction of seat belts. 50 years later we now have a host of safety measures built into new vehicles from crumple zones to airbags, combined with a rigorous crash testing regime applied to all new models.
In cyber security, although the field may have progressed further than the pre-1965 era car, we have still sadly not reached a point where security is routinely embedded at the root. We need to change our attitude fundamentally because we simply don’t have the luxury of waiting 50 years for the necessary safety features to be adopted incrementally; far too much is at stake. IT systems and ubiquitous connectivity is already embedded in our everyday lives, through the growth of the internet of things, cloud computing and wearable devices. Our virtual and real lives will increasingly become irrevocably intertwined; if you think how much time the average millennial spends on his or her smart phone a day, in many respects we’re already there.
We simply must build cyber security into every device from the very beginning, from the conception to their design to the build. That means ensuring that the hardware and software of all new devices has been rigorously security tested and that those who operate them are so well-versed in best practice, that implementing sound security becomes as second nature as putting on a seat belt when you step into a car.
New leadership is likely to come from small nations; they have the nimbleness to drive decisive changes in attitudes without being hampered by the legacy systems and fierce commercial competition that some larger markets face. The UAE, for example, is very well-placed to be a global leader in this transition, we’re a small nation with a government fully committed to developing a smart nation and an outward looking global vision. Our leadership have defined excellence and innovation as a vision for a country in which the impossible is just the beginning of our journey.
We shouldn’t wait to follow others’ leads but take the initiative by ensuring security is built into our systems from the very beginning. This is the only means by which we can make the future safe; by placing cyber security at the core of our thinking, we’re doing something truly fundamental; we’re securing the advance of technology and in turn the future of our own existence.