Cyber Risks - How to Stay a Step Ahead
Cybersecurity and digital safety are a priority for individuals and organisations right now. While individuals want to stay safe online and protect their data, organisations must prove they are trustworthy partners. Award-winning documentarian Louis Theroux recently joined us to host an in-depth discussion on cybercrime and security best practices. Joining him were world-class speakers, including former ‘Anonymous’ hacker Lauri Love, hacker, entrepreneur and former CTO of the 2012 Obama campaign, Harper Reed and DocuSign’s CISO Jessica Ferguson. Here are some highlights from the discussion on how to stay a step ahead with cybersecurity.
Trust and Cybersecurity - why they are inextricably linked
Trust and security go very much hand in hand, and the team discusses the concept of trust in relation to security. Louis says, “Trust is foundational to our existence as humans that live in communities. I rely on the fact that people aren’t going to steal from me, that they aren’t going to take advantage of me. On the rare occasions that does happen, it’s profoundly upsetting.”
Technology comes with risks, and consumers and organisations need to use vendors and providers that they trust. If trust is violated, it can have negative consequences for everyone. Jessica says there has always been a game of cat and mouse between hackers and security companies. Jessica asks Louis, “Do you ever think the good guys will ever gain the upper hand in that game?” Louis says, “I think to a great extent, the good guys are maintaining a degree of the upper hand. I see evidence of cooperation and positive outcomes. By many metrics, we live in a society that’s continuing to grow and improve. I can buy things from online retailers with an extraordinary degree of confidence, and I can conduct business in ways that would have been unimaginable a few years ago. Shout out to DocuSign. Documents that may have been flown in planes to be signed, or maybe fax machines anyway, now just ping up on your screen. You just click away, and suddenly it’s all done. So I think there is a lot to feel good about.”
Louis, Jessica and the other panellists also recognise that there is an element of hacking being used for good or for exposing misdeeds, as the hacking group “Anonymous” has. Harper says, “there are hackers that are trying to find the truth or shine a light on a dark place. Whether that’s because you want to see how the lock works or because those secrets should be out.” When an organisation is hacked, it can sometimes also act as a way to be more prepared for future events. Lauri says, “Security is an aspect of predictability. Cybersecurity and increasingly, our civic society is predicated on expectations that have been continuously tested. Such as in terms of the simple nature of identity. Before maybe, you had a passport or driving licence, and now there is a complex nature of identity where we are hoping to maintain some persistent identity services that can have varying degrees of security, and support. There are many aspects of security, but the thing they have in common is being able to work towards a reasonable assurance that something will go in a way that can be predicted.”
Harper says, “In my career, I’ve built a lot of experiences where trust is paramount, it often starts with a kernel of trust, and we’re building a thing to appeal to users to get them to do the thing we all want them to do, or they want to do. It could be as simple as sending money to another person. Trust is such a big part of all of these things. Users have a covenant of expectant behaviour, and when that breaks, users react very strongly. You’ll see complaints on Twitter or Instagram that may seem silly for something minor, but the reason for the reaction is that trust has been eroded. I think about trust all the time, but I like to push that over and think about safety too.”
It’s clear that organisations need to protect their customer's data and build trust for a successful relationship.
What cybersecurity risks do organisations face today?
Jessica highlights that supply chain security is a big risk for organisations today, and in terms of trust, organisations need to figure out as we outsource risk to other organisations who we should trust. Harper also says the thing he is most worried about as the CEO of a company is supply chain - whether it’s vendors, cloud services, logistics or warehouses.
Jessica highlights the impact of an issue with ALog4J in December 2021, an open-source logger embedded in lots of applications that had a critical vulnerability. While it is maintained by people who aren’t paid - a vulnerability in it affected everyone from major cloud-edge providers to Minecraft. An attacker could potentially use this to run commands on a remote system. Organisations needed to identify which applications were using this code. Jessica says, “There needs to be a shift to better-understood software builds, and to understand what is the fourth party risk within those builds, and holding vendors to high standards when it comes to transparency and how we communicate risk.” Jessica says that transparency of software is key going forward.
Harper says, “We should be very thoughtful that when we are building things, we are not accidentally creating opportunities for data to be weaponised in ways we didn’t expect. There are so many devices you can buy that are insecure by default because maybe companies went out of business when they were building it, and they are still for sale. I hope that organisations start to build better practices internally. We have to build a process that is going to last. I think it’s super important for all organisations to think about how are we building things that last”.
How can individuals stay one step ahead of cybersecurity?
The team highlights how important data is to organisations and individuals and how it’s key to follow safety protocols online. Organisations should provide help for their users and protect them. Lauri says, “It’s safe to say data is the most valuable commodity in the world. It’s not fossil fuels anymore. It’s not any tangible resources. There is more trade in information than anything else.”
Digital hygiene is fundamental for customers. Laurie says, “We’re learning what it means to have digital hygiene, and it’s directly analogous to when people first moved to big cities and suddenly you had all of this waste and people started to get unwell. Eventually, they learned good practices for water, washing and hygiene and things resolved.” Harper says, “I think people stay safe by being relatively cautious and following best practices online. Things like strong passwords, two-factor authentication etc. My advice to a regular person who isn’t knee-deep in all this is to practice some safety on the internet, but there are amazing people like Jessica who are protecting us all. Doing this work and making sure the third party risk is recognised.”
Cybersecurity in the future
Jessica says there are many reasons to be hopeful when it comes to Cybersecurity going forward, “there is a growing awareness from the consumer that their data can be, and in some cases is, used toward them in either a good or a bad way. In 15 years technology will be totally different and we will be looking at a different set of challenges when it comes to privacy, and data, and security, and what trust means in that world. Data is really key. I think we are really just scratching the surface in 2022 of what the future looks like.”
There are definitely challenges and responsibilities for all organisations that want to stay a step ahead of cybersecurity in the future. You may also like to read more about cybersecurity as part of Cybersecurity Month.
Discover how you can help protect your company’s data with cybersecurity best practices and more about avoiding phishing scams.