When you Google ‘latest trends in cybersecurity’ what appears in your search? You’re probably hit with lists focused on the technology itself such as the latest AI that will help identify and repel attacks efficiently or articles on rethinking the security technology stack, says Richard Beck Head of Cyber Security, QA.
It seems that we always want to be at the cutting edge of the technology in cyber, but when it comes to unlocking the power of effective cyber security teams we need to invest in something far more primal. Our people.
Every new technological innovation and convenience brings with it new concerns about security. And these worries are constantly proven to be grounded in reality, with global events often the trigger. Changes to technological infrastructure brought on by the pandemic, such as increased working from home and shifts to the cloud, caused the number of cyber-attacks to soar in countries around the world. And more recently, since the Russian war on Ukraine began, there has been a noticeable increase in cyber-attacks. In the UK, 31% of businesses and 26% of charities suffering attacks now experience breaches weekly, with similar trends reported around the world.
The exponential increase in cyber-attacks is the nature of the infinite game that is cyber. It’s not something that can be won, just fought against – a concept many working in the sector fail to grasp. Cyber analysts believe they will be the one to ‘solve’ attempted attacks and be rewarded for their heroics. Ultimately, bearing the burden alone, over and over again, has implications on burnout, performance, and communication within and between divisions.
But there are two things these professionals – from trainees to veterans of the industry – often omit from consideration. Firstly, as highly skilled as they may be, they don’t need to be the lone hero, and it is often in fact detrimental to act alone. More often than not, these individuals will be working in and with talented teams who also share the responsibility of fighting these cyber-attacks. Secondly knowledge alone isn’t enough when it comes to fighting cyber-villains, and co-operative teamwork is the only way to truly persevere.
The great benefit of the internet is that it has connected the world. It is easy to forget how, a mere few decades ago, long distance communication would inevitably cost a lot of time or money. But for an industry rooted in connectivity, cyber remains surprisingly closed off. In my experience, most security teams can often find themselves siloed within businesses– there is no real communication at any level. This is a major issue.
Information sharing is integral to the process of creating a safer cyber community for all. Take IT teams working for larger companies as an example. First, team members should be communicating with each other, and those teams should be communicating with other teams within the company. Doing so reduces repetitive tasks and simplifies operations. The act of working in concert with others removes the pressure that leads to burnout and closes gaps in the vital human barrier between attempted cyber-attacks and defensive software.
Sharing information with other departments and brands is also vital within larger organisations to ensure awareness and preparedness for other possible incoming attacks. Sometimes there may also be a need to pass information onto other companies and, on some occasions, to regulators and the government. Again, the lessons learned from the experiences of cyber professionals are often transferable. Co-operation is the oil in the machine – reducing friction and redundancy while improving efficiency, productivity and wellbeing.
In its latest cyber strategy, the UK government lays out multiple instances where collaboration will increasingly be used to strengthen the country’s cyber security. And they aren’t alone. Many other governmental organisations around the world have been seeking ways to break the cycle and introduce a more collaboration-centric mentality into cyber. But until now, finding the tools to enable this shift has been challenging.
Humans are the solution
Proper communication can’t just be learned from a book or a compulsory twenty-minute HR course with a quiz at the end. Applied learning is the only way to truly teach people these vital skills, and to break out of our siloed approaches to cyber it is essential that participation in this learning is in groups rather than alone. Integr8 is a human-centred teamwork programme for cybersecurity teams and multi-team systems, grounded in over 56,000 hours of research. It creates a thorough and applied learning experience through enjoyable and gamified challenges. The goal is for participants to replace their preference for judgement with curiosity, share their ideas and perspectives openly, and develop a collective growth mindset within and between teams to build open and beneficial approaches to communication.
Participants are put into teams to tackle a series of events over eight separate workshops. Each one examines a different intervention, exploring ways teams can work collaboratively – including reaching consensus, collective information gathering, and multi-team strategic development – each successive session consolidating their learning and putting it into practice, providing practical take-away tools such as team charters, goal hierarchies, and conflict resolution guidelines.
It aims to remove teams from the technology they are used to using, and instead challenge them to communicate with each other to adapt and problem solve. Likewise, Integr8 has also been proven to support the diversification of cyber teams, particularly building confidence for women in their roles which in turn helps with the gender imbalance in technology careers.
The application of this training, while only in its infancy, is proven to be effective. And, as its importance is recognised, mainstream technical training will increasingly be augmented by it as a necessity – already, European governments and the Cybersecurity & Infrastructure Agency (CISA) in the United States have successfully used Integr8.
As we look to the horizon, it’s an increasingly exciting time for technology and the extent to which it can impact our lives and businesses. Smart cities and artificial intelligence bring huge promise of societal benefits and progress across everything from healthcare to construction to telecoms. However, as security professionals we know that with this comes greater risk. To make this progression as safe and secure as possible, we must develop a culture of collaboration to share our learnings. No one person is an island. Heroics that really change the world and make it a better place will always be a team effort based on the most basic technology of all, human communication.
