Don’t be overconfident when it comes to cyber security

Digital Leaders
Dec 4, 2019 · 3 min read

Written by Russell Haworth, CEO, Nominet

Even the ancient Greeks recognised the heady risk of overconfidence. Remember Icarus, who tumbled from the sky as a result of his hubris and complacency? While Icarus wouldn’t have known what to do with a digital device, his undoing can still teach us lessons in today’s internet age. In the ongoing battle against the cyber criminal, overconfidence could be our downfall, so don’t fly too close to the sun.

Earlier this year, research by the National Cyber Security Centre (NCSC) found that millions of people use easy-to-guess passwords for their online accounts; the most widely used password on breached accounts was 123456. This comes as cyber breaches gain power and prevalence, and more of our personal data and services are moving online. In other words, the stakes are getting higher and we aren’t being more careful.

Overconfidence online is a trend that has been corroborated by Nominet research: while over three quarters of adults claim they have enough knowledge to keep themselves safe online, only 29% of people even know what two-factor authentication (2FA) is, and even fewer use it. Worryingly, 24% of people don’t even bother to change their passwords when their online bank or utility provider is breached. Basic cyber hygiene is not being followed, yet we remain bullish.

Unfortunately, the attitude appears to be extending into businesses. In our new survey of CISOs, we found that 71% admit their organisation touts its cyber security robustness to partners and customers, despite more than a third (34%) of security professionals lacking confidence in their final choice of security solutions. Worryingly, less than a fifth of CISOs said the array of tech that makes up their security stack is 100% effective. Their confidence is low, yet business claims are not.

We already know that the role of a CISO is challenging; our recent report showed how they grapple with a lack of resources, budget, staff and — sometimes — support from the board for their security needs. CISOs are often overworked and stressed — could this explain why 20% of CISOs didn’t test the performance of their security stack once it was in place, or didn’t know if it was being tested?

As ever, these findings should be taken with a pinch of salt; we are still making progress compared to the situation five or even ten years ago. Cyber security is now a phrase the layman understands and uses, cyber attacks are becoming a recognised reality, and businesses actively hire a CISO or equivalent instead of leaving the task to a busy IT department. Businesses are also recognising that cyber security is not a peripheral issue but should be threaded into everything they do, right down to staff culture and engagement. It is an improving picture.

Additionally, we should recognise that the situation continues to change. Of the CISOs we spoke to, 76% think their organisation will invest more in cyber protection, with the top three areas for investment over the next three years being cyber monitoring (16%), cyber resilience (14%) and cyber governance (12%). This is certain to make a huge impact on the cyber security posture of companies and help ensure that confident claims of the business will soon be backed up by the resilient security measures a customer, investor or partner would expect.

I for one support confidence in new technologies. It is this very attitude towards the digital world that allows innovations and new technologies to be adopted and embraced in today’s rapidly changing times. That said, we must strive to recognise any mismatch between our beliefs and our actions, especially if other people’s data is involved, and proactively work towards keeping ourselves as secure as we say we are.


Originally published at https://digileaders.com on December 4, 2019.
