
Cybersecurity Has Changed, But One Thing Has Been Consistent: The Human Factor

Dan Raywood
01.12.2022

Illustration by Lily Padula

In this article, Dan Raywood, journalist and former deputy editor of Infosecurity Magazine, reflects on how events like SolarWinds and COVID-19 have changed cybersecurity, and why, more than ever, the human factor matters.

Listen to the full podcast here, or read on for Dan’s top three takeaways.

Events like SolarWinds and COVID-19 have proven that we are more resilient than we think we are

Looking back on 2020, the cybersecurity industry saw little change in terms of big headlines. The change that we saw was in the way people operated. Over the course of the COVID-19 pandemic, there has been a lot more collaboration – a lot more people asking themselves how they can work together to help others. Through this, we adapted to something many might have never imagined adapting to.

Now considering the SolarWinds attack, the main learnings were about supply chain security. The SolarWinds attack was a story that came along and substantiated what people have been saying for years. When it comes to supply chain security there have always been many theoretical threats, but few real-world examples. SolarWinds is an example that people will be citing forever because the attack was just so far-reaching, and yet the world carried on spinning. The impact was massive, but we survived it. 

I’ve seen this pattern throughout my career. When I first started reporting in 2008, the Conficker worm was the big one, and Google Aurora, then BYOD (‘bring your own device’), later Chelsea Manning and Edward Snowden. We survived all of those things. For me, there is a similar lesson when it comes to COVID-19 and the SolarWinds attack – many big cybersecurity threats end up being just another stumbling point in the road.

The human factor has always been important, and it is here to stay

The human factor has not evolved much at all – we have been having the same conversations about it since the 1990s. For example, insider threats have moved into the foreground in recent years, but they’ve always been there. I wrote an article a few years ago about insider threats and the more I searched the more I found – it made me realise how present these threats have always been. Similarly, I recently covered IPO reports for common reasons data is lost and you see a lot of the same stuff reoccurring.

What’s more, the human factor is never going to go away, and we need to create tech solutions that appreciate this. We need to stop seeing humans as the weakest link and look more at fixing the controls around them because all humans are fallible. We have to provide tech solutions that are effective and easy to use because if a solution is too complicated, people won’t use it.

Security at work and in the media changes the way people see personal security

People are much more aware of their own personal security and privacy now than they were fifteen years ago. I think that this is due to security at work, GDPR, and increased device usage, but also how much we are seeing it in the media. Cybersecurity is now on the front pages of national newspapers, and primetime TV.

Yes, most people still use the same password across multiple accounts – that’s never going to change! But people are starting to use two-factor authentication, and beginning to consider security when investing in devices or software. Companies like Apple are even driving the perception of security as a luxury good. Consumers are starting to ask: Which product or service will best protect my data and identity? Where is my data going?

People today are also more aware of how visible they are, but who knows how this will change in 20 or 30 years’ time? The way younger generations are using their data is totally alien to most 50-year-olds, and that is going to still be the case in 2050.

For more from Dan on the evolution of cybersecurity, listen to our Tessian Podcast episode here.
