Challenges In Cybersecurity

Every industry faces challenges. Understanding and overcoming these challenges, strengthen the industry. The cybersecurity industry also must face these challenges. The challenges to cybersecurity are unique, especially as our society continues to rely on the internet of things and our technological dependence increases. Cybersecurity is a growing industry in which we are all dependant. Everyday more and more people are using technology, relying on it for day to day operations. Society as a whole is dependent on technology. Yet, there are so many people who just don’t understand it.  The human factor plays a significant role in the use, design and future of information technology and cybersecurity. Cybersecurity involves every facet of our digital culture and requires us as a society to understand how we uses it.

The Human Factor

With most technology, when there is an issue the solution is technical, but cybersecurity has more than just the technical side of it. Cybersecurity is just as much about the people that use and the culture as it is about the technology itself. Organizations can put as much security into an information system as they deem necessary, but if a single individual misuses or misunderstands the function of the system, the entire system can fall to its knees. “Against the backdrop of a complex and growing cyber threat landscape, where 57% of businesses now assume their IT security will become compromised, businesses are also waking up to the fact that one of the biggest chinks in their armor against cyber attack is their own employees.” (Kaspersky). Humans are inherently lazy, often seeking the easiest or simplest way to accomplish a task. This approach often works in day to day operations and in innovation, inventing newer easier,better, faster technology. But this should not be the case when it comes to security. As an organization, the culture needs to ensure that security comes first. This includes awareness, education and proper design but in order to incorporate these changes we have to look at those that hold the influence over the way we implement cybersecurity as a whole.

Software Developers

The mindset of production needs to be altered such that getting a product to market is not the primary concern. All too often the pressure to produce a product or innovate with new technology results in a rushed product that does not consider all of the proper aspects of security.  Often times, security is added as an additional feature that also comes with an additional price tag. Innovators and developers need to be encouraged to start with security first. This will ultimately shape the future of the application and ensure that data, and information systems are better suited to face the evolving threat landscape. “The better solution is not to sell security directly, but to include it as part of a more general product or service. Your car comes with safety and security features built in; they’re not sold separately. And it should be the same with computers and networks. Vendors need to build security into the products and services that customers actually want.” (Schneier, 2008).

End Users

The end user is the problem. They are the ones that downloaded the malware, were susceptible to a spear phishing campaign, and fell victim to social engineering that result in the breach. It’s the users fault there credentials were compromised and used to get into the system. It’s always the users fault. This type of thinking has resulting in nothing but more issues. The end user does play a part, but those that administer the system are equally responsible for incidents. Whether its their failure to educate the end user or to put adequate controls in place. Either way, the end user only surfaced the problem. Unfortunately the end user is the one who is responsible for thee issues being relevant. But it’s not entirely their fault.

Leadership

Like any other industry, cybersecurity needs leaders. These leaders shape the direction and motivations of the industry. They ensure the future remains secure and unite the innovators and developers to realize a common goal. This is the same in about every industry, so why do we struggle so much with it in cybersecurity? Leaders need to make it clear that security is not just an IT. Cybersecurity is a business priority and is affected by the culture and risks, just as much as it is by the technology. Leaders need to discuss the potential risks, and solutions at all levels. Leaders to need to ensure inclusion within the organization and empower individuals to understand the importance of their role within the organization and within cybersecurity.

Humans are the foundation of cybersecurity and they are also the chink in the armor. Cybersecurity is a source of frustration for leaders who spend an extraordinary amount of time and worry trying to protect their data from increasingly sophisticated schemes, ransomware, state-sponsored hacking. Cybersecurity issues are not purely a technology problem. In order to overcome these obstacles leaders, developers and end users all need to be part of the solution. The entire society needs to work together to understand the problem and develop a culture that is security minded. Leaders need to facilitate these paradigm shifts. Developers need to design with security in the foundation. End users need to learn that their actions impact security posture. Cybersecurity challenges exist at all levels, and all people are responsible to ensure these challenges are faced. Failure to face these challenges will result in the human factor causing the failure of cybersecurity.