London Tech Leaders: Understanding the ‘why’ that drives a growth mindset within the cyber security world.
Abbie Hudson Sales Apprentice
My key takeaways as an attendee.
Cyber security is accredited through fear, and as an organisation, how can we protect our critical systems and sensitive data from digital attacks?
Training around cyber security, for most people, looks like an annual mandatory training course. This is only a short-term fix to meet organisational requirements, but it will have a potential long-term downfall as the knowledge quickly fades, not producing effective long-term results.
As an individual who knew little about cyber security before attending London Tech Leaders, I would probably only participate in an annual ‘refresher’ course on cyber security within my organisation at most. My knowledge would quickly diminish and, as a result, I would only be slightly cautious of the odd email scam. This isn’t only applicable to my organisation, but to my day-to-day when checking out securely on a website, allowing app permissions, cookies, and more. Understanding the ‘why’ and ‘how’ to become an active learner when understanding topics such as cyber security is critical at all levels.
In a perfect world, adopting a culture where everyone becomes an active learner to build a better understanding of topics outside of their profession would be a more effective approach. This principle applies to all areas within business. Instead of the ‘I have to’ mindset, what benefits could an ‘I want to’ growth mindset achieve? Actively seeking answers and creating a broader spectrum of knowledge has endless opportunities. Ultimately, it develops skills to build better confidence and improves our ability to think critically or problem-solve.
London Tech Leaders is all about sharing ideas, bringing senior leaders together to share their professional perspectives and knowledge on various topics, and ultimately providing all attendees with a forum for a wider discussion.
I recently attended the London Tech Leaders event hosted by WeShape, where a fantastic panel of speakers [Phil Knight (CISO), Munawar Valiji (CISO), Edward Tucker (Director of Security) and Cary Vidal (Director of Security and IT)] discussed all things cyber security. The chairman [David Crawford (CTO)] led a series of questions throughout this discussion to examine the current state of the security world and encouraged reflection from both the panel and audience. My key takeaway was the ability to be completely open-minded to gain the best understanding possible on topics you may be unfamiliar with and develop the ‘growth mindset’ attitude. This blog focuses on the key takeaways from this experience with London Tech Leaders.
What were my key takeaways as someone who has little background in security?
Difficulties within the security industry
Complete security is tricky to master: why is that? Modern cyber security is forever changing and has climbed to extraordinary heights. To assume invulnerability is the first downfall for many. Your organisation may have it all: firewalls, multifactor authentication, network monitoring, identity management. But the truth is ‘if you have something to steal, you’ve already been hacked’. That is difficult to foresee for even the most secure platforms, even by failing to explain how the simplest of attacks arise, such as clicking onto a malware-infested site. That is the greatest difficulty: there are no latest and greatest security investments coming to the rescue. Security is a team effort, even if you may have it all. If practising cyber security protection isn’t embedded into company culture, it would be silly to assume complete security. Why should your associates care about security? Well, the costly clean-ups, reputational damage, client data leaks; the list continues.
How to balance commercial opportunities with cybercrime risk
To put it simply, we can do our best to ensure we focus on balancing commercial opportunity versus cybercrime risk. The potential pitfalls of our actions must be accounted for; however, reaping the rewards of success will only be possible through calculated risks. While both people and systems are becoming more connected every day, there is more value in the quality of information we hold online than ever before. This also means that the efforts in exploiting this information are becoming smarter.
The Zero-trust concept
Zero trust links back to developing your growth mindset. Zero trust means to never ‘trust by default’ and always be conscious of cyber threats. I realise how easy it can be to forget when websites can be malware-infested or what emails are considered suspicious. Mack (2022) explained 84% of cyber-attacks were sent via email in 2021. So, despite all the training out there for cyber security, having moments like this to refresh us on the level of danger even surface-level attacks can cause was brilliant.
The philosophy ‘never trust, always verify’ somewhat gives us direction on what to focus on when discussing zero trust. One element we discussed was whether referring to zero trust immediately brought a negative spin to our security efforts. How about we just say trust? We will always be dealing with the same issues with the malicious insider threats and a junk folder piled with suspicious emails. More importantly, we must find aspects where we can be more proactive, for example, quick recovery and orchestrated resilience.
Having brilliant basics
There is no big cyber threat around the corner waiting to catch us off guard. Our time is much better spent focusing on the concept of our brilliant basics. ISO 27001, SOC 2 Type 2, and GDPR are great examples of traditional basics which we should focus on harnessing. There is no revolutionary investment to solve all issues; get the basics right. This doesn’t mean you’ll find all the answers from a book, but tightening up elements like your access controls, dealing with key vulnerabilities, patches, audits and an organised inventory will give you the bragging rights of having ‘brilliant basics’.
The key takeaways from this event, and having learnt so much about the security world, have encouraged me into a growth mindset and to continue to actively seek how I am being impacted. I have built the confidence to spark conversations within my organisation and with our clients. This is truly invaluable by building the ability to re-deliver the discussion from security professionals, within my own organisation. Stepping out of your comfort zone to develop your understanding builds the knowledge that will stick with you. Growing a community of active learners in areas like cyber security will be the long-term fix and reduce your reliance on your annual cyber security training courses. Encouraging a growth mindset will bring larger team efforts towards being secure, and help your associates know the ‘how’ and ‘why’ behind security impacts.
Thank you to the organisers [Chris Monticolombi, Jack Moore (Directors)] for helping start the conversation for many of us who attended and helping us gain a better understanding of the current environment in security.