18 June 2020
The current pandemic has forced many businesses into a very sudden and far-reaching adoption of digital technologies to facilitate remote working. This change looks as though it is here to stay.
We are seeing an increasing number of criminal activities that try to take advantage of both the large number of novice remote workers and the general uncertainties that the current situation brings.
Consequently, many businesses are faced with the question: what is the weakest link in our cyber defence that we need to strengthen? Many of us will be reminded of the catch phrase “humans are the weakest link in cyber security”. But is this really a good picture that should guide our actions?
The problem with this picture is that it makes it too easy to blame users: we trained our staff not to click on links in emails, and still they are doing it. In fact, the picture hinders us from asking two important questions: first, how can we improve our processes so that users do not have to click on links, and second, how can we build a system in which clicking on links is secure and safe?
A better picture might be a swing with two chains: we need to keep both chains strong and in good shape, so that our children enjoy using a swing that keeps them safe. Translating this picture to cyber security means that we need to address the weak links in both our “social chain” and our “technical chain”. Moreover, we need to bring the two together in processes and IT systems that are easy to use and support the tasks users need to fulfil in their role. We need to develop systems that are safe and secure by design, and that are easy to use and maintain. This, together with supporting and educating users, will minimise the risk of becoming a victim of criminal cyber activities.
Stay safe and secure and keep your knowledge, skills and technical systems up-to-date.
By Professor Achim D. Brucker, Chair in Cybersecurity (Head of Cybersecurity Group)