Protecting critical information and infrastructure is not a new concept. In 1900 BC an Egyptian scribe used non-standard hieroglyphs marking the first documented example of written cryptography. In the Middle Ages we had wax seals, coded messages and moats. During WWII, the Enigma machine, and the phrase “Loose lips sink ships.”
All of these tools, methods, and tropes were meant to protect institutions from the compromise of information that, in the hands of a criminal, can prove to be catastrophic. They are obsolete in the age of cybersecurity, yet some senior Government and Corporate officials seem to be content with similar measures, “good enough solutions,” that simply leave our information and infrastructure to the mercy of those seeking to inflict harm.
This mindset is not a function of apathy, but rather of a lack of computer savvy and education.
Survey your office staff and ask them what measures they take to protect their personal data and computers. Some will tell you that they don’t open weird emails and no longer accept or use thumb-drives gifted to them at tradeshows. Most will tell you that their IT department scans their computers monthly and equip them with anti-virus software. A very few will tell you that they have encrypted emails and cloud storage.
How many criminals do you think will tell you that they are coming for your data? How many do you think are playing the long data-siege game, using a cyber trebuchet when you have built a moat to protect it?
If we define the “last generation of cyber-laggards” as the generation that first gifted the Atari2600TMto their kids, long for their original BlackberryTM, and still look for a CD player on their rental cars (as they fold their paper reservation to jam it on the glove compartment); then we have a chance to cross the cyber security chasm in our time.
The newer generations of professionals moving through the ranks are far more computer and technology savvy than even their immediately preceding generation. They learn technology without paper manuals. They are far more comfortable with rapid technology changes and understand that the cloud and the Internet of Things (IoT) are as magnificent and useful as we want them to be. They are aware that if they do not protect their information, it will become public domain – in the worst possible way. They understand that cybersecurity happens in the intangible world, where just because you can’t see a threat, it doesn’t mean it does not exist. They understand that their digital information and cyber-infrastructure IS their world.
Our up and coming government and corporate leadership should leverage this generational dynamic to create and implement policies and procedures that enable them to run organizations that embrace cyber security as an integral part of their world, and an inherent part of all infrastructure; and not an inconvenient bolt-on. With their life-long acquired computer savvy, they can use the lessons learned from their predecessors, and embrace life underneath (and in) the cloud.
In the long data-siege game, we have to be always vigilant and ready for a sleeping giant to attack from within. Constant vigilance and evaluation of new tools and methods to protect the information, will thwart an unwanted failure. Not doing it could mean they become a meme, the 21st century trope.
Don’t assume that because your network is running today it will be running tomorrow. Stay alert.