Cyber can be a complex and technical subject – how do you engage non-cyber people in it, when it’s so important, so that they don’t click the wrong link, and let in hackers? That was how Russell Gundry, head of innovation strategy at LORCA – the UK-government-backed, London-based body looking to bring on promising cyber firms – introduced Simeon Quarrie, founder of Vivida, yesterday, midway through the LORCA (London Office for Rapid Cybersecurity Advancement) Live week of online talks.
Vivida is a creative agency Simeon founded, that drives ‘transformational change’ (to use the jargon of creatives) for a client; by using ‘the power of story-telling’. As Simeon described engagingly, why not use stories, to put across good cyber-security messages?
It’s not a new or unique idea; Bruce Hallas spoke on security awareness, behaviour and culture at the first Security TWENTY event of 2018, ST18 at Nottingham. The problem and the solution are the same – and not only for cyber, as Vivida’s work shows, but other perceived ‘worthy but dull’ subjects in the workplace, whether security in general, sustainability and corporate social responsibility, or resilience, or diversity and inclusion; things that may matter to the very core of the organisation, but not to the employee at their computer terminal. How then, as Simeon put it, to put across cyber, in a way that it matters to non-cyber people, and sticks?
Simeon began in the glow of a ‘camp fire’ to evoke how story-telling has had a purpose for mankind from the very earliest days. He drew on some of the best-known and most popular cinematic stories of our time – Batman, X-Men, The Lord of the Rings – and went through the highly defined structure of such stories, to suggest how they can as well apply to cyber-security; whereby – to greatly paraphrase – a protagonist, with other characters and perhaps a mentor, faces a challenge such as from an enemy, and has to pick up knowledge, and goes on a journey which reaches a climax, and has a resolution (with, quite likely a twist to keep our attention), and (we hope) a happy ending. So it may be with cyber, that the IT user seeks knowledge of how to keep themselves and the organisation safe, from the threat of a cyber-criminal.
That how to effectively put across ‘cyber hygiene’ matters, across job descriptions, was borne out by the sorts of people in the remote audience, who at Simeon’s request identified themselves; while largely from a cyber background, they included risk managers, penetration testers, consultants and even a behavioural scientist.
Visit https://vivida.io/.
About LORCA Live
The free to attend online LORCA Live runs this week to tomorrow; visit https://www.lorca.co.uk/lorca-live/. Other speakers include Ciaran Martin, CEO of the UK official NCSC (National Cyber Security Centre); Oz Alashe, founder of Cybsafe; and among end users, Sharon Barber, chief security officer, Lloyds Banking Group.
More in the November 2020 print edition of Professional Security magazine.
