Cyber Resilience
"Culture Eats Technology For Breakfast"
The Global Boardroom hosted by the Financial Times returned for its 6th edition to debate the most effective strategies for sustainable growth in current geopolitical and economic disruptions. The summit brings together 100 leaders in business, policy and finance to discuss key topics in a modern climate.
Cyber resilience was a topic of key concern and a panel of industry experts: Rupert Lee-Browne, Nicole Perlroth and Kelly Richdale were brought together to discuss how businesses and governments can adapt to the changing landscape. Perlroth is a cyber security expert and author and Richdale is a senior advisor for Quantum Safe Security. Rupert Lee-Browne is the CEO of Caxton and has guided the company through the ever-changing battleground that is cyber security.
Recently, Royal Mail was hit by a ransomware attack, in which customer’s sensitive data was stolen and encrypted in order to extort the company for financial gain. Moreover, the Guardian this year was hit by a “highly sophisticated” ransomware attack in which internal sensitive information such as National Insurance Numbers and bank details were compromised via a phishing attack.
These aren’t the only high-profile attack in recent years. Crypto.com, Microsoft and NewsCorp were all hit by cyber-attacks in 2022. Cyber threats are both evolving and increasing. In 2022 alone, over 20 billion records were exposed. It is clear that the rise in technology through the 21st century has also led to an increase in the number of attacks on corporations and individuals.
One of the biggest cyber-attacks in 2021 targeted Colonial Pipeline, which supplies around 45% of the fuel to the east coast of the United States. By targeting and obtaining the password for an un-used but active VPN account, hackers were able to access the rest of the network. It could be argued that simple cyber security protocols would have avoided the attack.
However, many organizations are slow to adapt to changes in cyber threats, exposing them to bad actors. Cyber threats are a constant changing landscape and organisations must modify their defence. For example, 2-factor authentication has shown to be vulnerable via malware, sim-swaps and social engineering.
Unfortunately, improved technology is not the sole solution for rivalling cyber threats. A lot of security software and features have inherent flaws, which hackers can exploit. An excellent cyber security culture is paramount in protecting individuals and organisations and core to an effective culture is understanding that the people that make up an organisation are the most important protection and not technology. In order to achieve this, individuals must consciously behave as if there is a constant cyber threat. However, installing such a culture begins with leadership. As Rupert Lee-Browne mentions:
“It is the responsibility of the chief executive, the leader, to maintain the integrity of those businesses and to maintain the safety and the integrity of both customer data and customer money or whatever asset it is that you’re engaged in.”
“Fundamentally the CISO and the Chief executive need to be hand in glove working for strategies for not only today but also tomorrow, making sure the investment is going in.”
Culture is built from the top down and that starts at the board level and C-suite. This needs to be imparted upon the whole institution. Investment needs to be made into how companies can prepare for the threats they face. However, Rupert Lee-Browne has often found the opposite to be true.
“There is an extraordinary lack of understanding by chief executives and boards as to exactly what these threats are. Cyber-attacks are only going to become more prominent and protecting against them should become far more important in an organization's ethos. Culture eats technology for breakfast, and if you don't educate your staff on the importance of cyber security, all the technology in the world won't help you.” Caxton's staff is all trained in cybersecurity accordingly, and in Rupert Lee-Browne's view, making sure your employees understand the threats against cybersecurity is the best - and potentially only - way of ensuring that you and your customers' data is safe in the long term.