Cyber-Security Risks Beyond Technology: Human Factor

Risk Group Founder, Jayshree Pandya discusses “Cyber-Security Risks Beyond Technology: Human Factor” with David Moon, Chief Executive Officer @ Tripath Media. Ph.D   Introduction Cyberspace has brought complex, chaotic, and challenging time for each nation: its government, industries, organizations and academia (NGIOA) in cyberspace, geospace and space (CGS). As cyberspace gets deeply embedded across geospace and space, its crowded interconnections with each component of a nation: that is its government, industries, organizations and academia are catching nations off guard. These interconnections and inter-dependencies are raising an important question, on whether our understanding of security risks is adequate and whether our current security risk management framework, tools, technologies, approach and processes are effective in managing the integrated security risks of NGIOA in CGS. Across nations, there is an intense effort going on to manage the security risks of cyberspace. Significant investment is pouring into developing technology that can secure cyberspace. While hi-tech efforts in technology development and deployment are on-going- (and in spite of all the advances in cyber-security technology), most entities across NGIOA are still faced with complex security risks – that cannot be reduced or eliminated. As the cyberspace shifts the security landscape rapidly, the traditional security perimeters that technology leaders relied upon are becoming outdated, fragmented and ineffective due to the complex inter-dependencies cyberspace brings to NGIOA in geospace and space. These complex inter-dependencies raise critical security risks that vary by enterprise, by industry, by leadership, by approach and much more. So what are these security risks that go beyond Technology? How does it impact you, your entity, your industry and nation? While it is not the scope of this “Risk Roundup” to evaluate each and every non-technology security risk facing entities across NGIOA, today’s dialogue will address only the “Human Factor”. We will address other non-technology risks in future. The Human Factor When you look at most organization’s security plans in CGS, human factor seems to be a heavily under-addressed area. The ability to organize security efforts around the human factor is essential in nations efforts to address the integrated security risks facing NGIOA in CGS.   Looking at the importance of “human factor” in managing the security risks facing NGIOA in CGS, it is important to understand how should security risks or crisis be handled.Nations need to evaluate their effort and preparedness in this area. Security Breach and Questions Often, the questions that any entity faces after a security breach in CGS are complex and require far more than technology, insurance claims or legal responses.  Irrespective of any crisis in CGS, the following questions hit first to any entity across NGIOA: * What should we do now? * What should we say? * How should we say it? * How much to say? How can any entity across NGIOA answer the question “What should we do now effectively? The answer to the above question will have far reaching implications for not only the initiative, but entity’s survival and security across NGIOA. Security Breach and Failure at all Levels Irrespective of cyberspace, geospace or space, most executives across NGIOA are trained to make decisions based upon information, data, and policy that they currently have. Now generally, when a cyber-security breach happens or a cyber-crisis hits: * Security Technology, Tools and Procedures have failed * Security Risk Management framework has failed * Information chain has failed