22nd Century World

Cybersecurity Starts With Basics

July 13, 2017 by 22nd Century World

Originally published on SDI Cyber, July 11th, 2017

One undeniable fact: the 2016 elections brought the word “cybersecurity” into the mainstream. The problem that stemmed from that fact: nobody is actually sure what “cybersecurity” is. And as a result, we spin our wheels or head off in differing directions.

For all the tech talk, commentary, and promise of some incredible “save you from all cyber threats” solution, lost in the conversation are the cybersecurity basics. It is a disservice to all when pundits use words such as hack and leak interchangeably. Those who have a more informed understanding of the issue know that these terms have incredibly different meanings. The same can be said for words such as stolen and copied. They are not the same and are often confused, even misused. And how about this one: the difference between authorized access by an unauthorized user and unauthorized access. The fine nuance between the two can entirely re-characterize the nature of an attack.

I have not conducted a formal study to know how many people know the differences or can spot the nuances, but from informal observation of my own experiences, about 95% of people cannot tell the difference and of the 5% that do, almost all of them have some form of security-type training or professional work experience. Another informal observation: even those who have the training still cannot always spot the difference.

Why is all of this important? Because if we cannot get the basics right, chances are everything that follows will be wrong, insufficient, or inadequate.

I start from this premise: we have finite resources. I do not think anybody serious would disagree with me on this premise. Therefore, let us be smart about how we use these resources. And part of being smart is asking the right questions and knowing the basics.

In the middle of a serious cybersecurity policy debate, does it make a difference if a Senator asks a witness whether data was stolen or copied? Yes, it does. In trying to determine how an attack happened, does it make a difference when the Board asks its IT manager if the source of the attack came from authorized access by an unauthorized user or by unauthorized access? Yes, it does.

The human brain can only process so much information, and the more complex we make the cybersecurity discussion, the greater the likelihood of us mucking it up. Add into the mix a disregard or misunderstanding of the basics and the muck-up is almost certain.

…read the rest on SDICyber…

Posted in: Cybersecurity Tagged: cybersecurity, education, human element, information security, risk management, strategy, vulnerability
