With the recent outbreak of WannaCry/WannaCrypt ransomware, there has been much talk about where the responsibility lies in countering cyber security threats. The head of the United Kingdom’s GCHQ National Cyber Security Center, Mr. Ciaran Martin, recently scolded business directors and board members in the UK for “devolving responsibility” for cyber security in their organizations. He goes on to say that “boards must start to treat cyber threats with the same level of critical importance as they do financial or legal issues. It needs to be unthinkable that a board member would say that cyber issues are too complex for them to make judgements about.”
This is an important lesson in the United States, as well. Cyber security is viewed on many levels here. Some organizations understand the need and work hard to employ the right resources and measures to counter the threat. Others see cyber security as nothing more than a nuisance and a hit to the bottom line. Smaller and mid-sized organizations are just getting used to the idea that cyber security can affect their businesses. Those companies that view cyber security realistically and implement a responsible risk management program will be best placed to counter the threats. Those that blow it off or just view it as a burden will be the hardest hit.
Very few truly understand the nature of the environment, though. Cyber security is not a problem to solve. It’s an ongoing risk that must be managed. There is no single fix or group of fixes that will take care of it for all time. IT and computing systems are extremely complex. Modern Microsoft Windows operating systems have a 150x larger code base than the US Space Shuttle. It takes more power and more complexity to let you surf the web and watch streaming videos than it did to put people into space. Connect these systems together, put sensitive information on them, and implement a highly complex web of data sharing between organizations, and you further increase the complexity.
The responsibility for cyber security falls to us all. Businesses that use the technology must implement it and operate it more intelligently. Businesses that create the technology must continue to improve their detection of flaws and their response to fix those flaws. End-users must take more responsibility for how they use IT systems. As much as we’ve tried to make these into ‘everyday kitchen appliances’, they’ve gone in the other direction with complexity. You can’t be computer illiterate and expect to fully participate in the 21st century.
Ultimately, governments can only do so much to set the foundation for a more secure Internet. It will take effort from all involved to reduce and better manage the risk we face daily as we become more and more connected. Own up to your responsibility and start doing your part to make the Internet a more secure place.