During an average week we spend a lot of time taking safety measures. We put on our seatbelt every time we get in a car. We wear a helmet when we ride a bike. We check the street for cars before crossing the street. We have burglar and fire alarms in our homes. Some of us even avoid charging our phones at night because there’s a tiny chance that the charger will go up in flames.
Then we log into our computer and safety goes out the window.
The impression of cybersecurity
Consumer apps and devices, such as Facebook, Apple, and Twitter, use authentication to increase their security when you’re logging in from a new location. Users aren’t annoyed when Gmail wants to confirm that they’re in Nigeria or when Instagram asks if they’re in Thailand. It’s designed so they never see an unnecessary obstacle, making it acceptable when an alert appears for a legitimate reason.
Many people will say cybersecurity is “an annoying pop-up window they can’t get rid of”. The idea of cybersecurity is perceived as complex and confusing, an alien part of technology meant to instill fear in them. Because consumer cybersecurity has a higher focus on usability and does most of the (magic) work in the background, most are unaware of the depth of protection they’re seamlessly provided. The enterprise cybersecurity industry has a long way to go to catch up when it comes to usability.
The complexity of how we talk about cybersecurity has made everyone, except the security experts, indifferent to securing their personal and business devices.
The industry talks about cybersecurity like it’s rocket science. There seem to be endless product segments (see diagram). Each product segment is different while claiming to solve the same problem, e.g. the insider threat. When a new threat emerges, almost all claim to solve it without adding a single product. It’s either half-truths or misleading marketing. And it’s confusing.
The enterprise cybersecurity industry uses scare tactics and war analogies to create fear, uncertainty, and doubt. Once you know why cybersecurity is important, there’s no need to talk about the sky falling. The industry victimizes people by saying “you will be next without product X” and “turn the table on your enemies with product Y”. Being a victim of endless attacks isn’t something most people can relate to.
Few people know how to protect their digital lives themselves, both at home and at work, leaving most feeling unsafe—in the end pushing the problems away by ignoring them.
Cybersecurity is an enabler
There’s a lot to say about the importance of making sure you and your devices are secure. Security isn’t just a tool you buy. It’s a feeling. It’s certainty. It’s an enabler.
Like your seatbelt, bike helmet, or home alarm system, cybersecurity enables safety. Cybersecurity enables you to focus on what’s important to you: your core business and your personal life.
To increase usability, cybersecurity needs to work seamlessly in the background. It needs to automatically stop anything bad from happening, and only surface when something is worth your attention. This is similar to a seatbelt, which works whenever it is on but is only noticed if you are in an accident.
Secure wherever you go
A study by IWG says 70% of people around the globe work from a remote location once a week, while 53% work remotely at least half the week. The increase in remote workers is a result of the world becoming more open and flexible, and organizations supporting a better work-life balance for their employees.
IBM conducts a yearly study, where they interview more than 12,000 C-suite professionals, including CEOs, CFOs, CIOs, and COOs, from 112 different countries. The study divides companies into reinventors who are outperforming other organizations, practitioners who are developing capabilities to match their ambitions, and aspirationals who are developing their digital journey and ability to move quickly.
The study from 2018 shows that 72% of the reinventors, who outperformed other organizations in both revenue growth and profitability, have an open culture. In comparison, only 53% of practitioners and 36% of aspirationals have an open culture, resulting in weaker profitability and revenue growth.
An open culture that promotes working remotely is the future of good business. Legacy cybersecurity isn’t up to the task, according to CNBC. Current remote workers have a higher risk of a data breach, without the security in place to protect them. Security with a zero-trust approach moves the security from the perimeter to the individual person and their devices, making remote workers secure wherever they are.
Organizations with a secure, open culture are likely to outperform others.
A new approach to cybersecurity
Historically, the enterprise cybersecurity industry has protected people and organizations by building a perimeter (a wall between what’s on the “inside” and “outside”). Having one perimeter around the organization made it easier to maintain and patch security gaps. Most employees came to the office every day, and working remotely was unheard of. Perimeter security has shortcomings as soon as a person or a device is outside the perimeter, leaving them unprotected. In addition, perimeter security doesn’t stop anyone from doing anything bad on the inside.
BeyondCorp, a zero-trust security framework modeled by Google, discusses the importance of moving the access controls from the traditional perimeter to the individual person and their devices. By giving access controls to the individual devices and users, employees are able to work from any location while being secure.
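The contrast between the two models, as an added example that is not from the original article or from Google's BeyondCorp code: a perimeter check that trusts network location next to a per-request check on the user and their device. The network range, users, entitlements and field names are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample data: a private range standing in for the office network,
# and hypothetical per-user entitlements.
CORPORATE_NET = ip_network("10.0.0.0/8")
ENTITLEMENTS = {"alice": {"payroll"}, "bob": {"wiki"}}

@dataclass(frozen=True)
class Request:
    user: str
    authenticated: bool    # user passed strong authentication
    device_managed: bool   # device is enrolled in the company inventory
    device_patched: bool   # device reports a current patch level
    source_ip: str
    resource: str

def perimeter_allows(req: Request) -> bool:
    """Legacy model: whatever originates inside the wall is trusted."""
    return ip_address(req.source_ip) in CORPORATE_NET

def zero_trust_decision(req: Request) -> tuple[bool, list[str]]:
    """Per-request decision on user and device; network location is ignored.

    Returns (allowed, failed_checks) so a denial can be explained to the user
    or logged, instead of silently dropping the request.
    """
    checks = {
        "user_authenticated": req.authenticated,
        "device_managed": req.device_managed,
        "device_patched": req.device_patched,
        "user_entitled": req.resource in ENTITLEMENTS.get(req.user, set()),
    }
    failed = [name for name, ok in checks.items() if not ok]
    return (not failed, failed)

# Constructed requests matching the two perimeter shortcomings described above.
REMOTE_WORKER = Request("alice", True, True, True, "203.0.113.7", "payroll")
INSIDE_UNMANAGED = Request("bob", True, False, False, "10.1.2.3", "payroll")

if __name__ == "__main__":
    for label, req in [("remote worker", REMOTE_WORKER),
                       ("inside, unmanaged device", INSIDE_UNMANAGED)]:
        allowed, failed = zero_trust_decision(req)
        print(f"{label}: perimeter={perimeter_allows(req)} "
              f"zero_trust={allowed} failed={failed}")
```

The remote worker on a healthy, managed device is refused by the perimeter check and admitted by the per-request check; the unmanaged device on the office network gets the opposite result.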
The world has changed, and cybersecurity needs to catch up.
- CNBC, “70% of people globally work remotely at least once a week, study says”, May 30, 2018
- CNBC, “The biggest cybersecurity risk to US businesses is employee negligence, study says”, June 21, 2018
- IBM, “Incumbents strike back”, 2018