Be cyber aware
In one of my favorite movies, Mivtza Savta ("Operation Grandma"), the hero is asked how he became so successful, and the answer amazed me. "I wake up in the morning, immediately start running as fast as I can and then slowly pick up the pace ..." After more than 20 years in the cybersecurity industry, I know this is the only route we have as cybersecurity professionals.
Over the years I have been in the security industry, I have seen many changes. I saw the rise (and fall) of cyber empires, new and old ideas. I watched the birth of new attacks and new mitigations, and how both sides are so invested in reinventing the world, day in, day out.
The cybersecurity industry is innovative; it is learning and it has a pace like no other. We are living in an era that is multiplying itself. Everything is accessible. And guess what: The pace is not going to slow down.
Most industries are taking ideas and making them reality today — at the latest tomorrow. What about the security industry? We are fighting today the threats of 6 months from now. You might ask, “How can this be? How can we even identify what is going to happen in 6 months?” The answer is simple: We can’t, but the hackers using these vulnerabilities and attacking us don't care about this. They are identifying today the vulnerabilities they will use in the next attack which will take place in 6 months.
This means that we need to change our mindset. We can (and in many cases do) manage the threat when it is an idea and not an incident. Achieving this is not as easy as I might make it sound. Achieving this requires us to have a cyber-aware mindset. It requires our partners, all of them, to be on the same page as us.
Our partners are the IT department, procurement, business leaders, and mainly our C-level management. They all need to pitch in. It is not the lone struggle of the CISO wandering the wilderness of cyberattacks while others are sleeping soundly in their beds. It requires every one of the partners to push this effort forward.
The role of leader can’t be given to you; you need to own it. You have to earn it. It's not just charisma or a nomination — it is the way every fiber in your body responds. Now is the time for us all to take the leadership position with regard to cyber-aware mode. It is time to understand how we can make a difference.
CISOs and security professionals: Listen to your partners and understand the business need. Don't jump directly to the well-known, "No, this can't be done" solution. Get to know your peers and teach them. Don't think that they know what you know.
IT professionals: Look beyond how to make the machine/application work better (removing the security controls is not the only solution). Make yourself aware of the right way to do things. Be aware of the threats and vulnerabilities, and above all, how to avoid them. Stop considering the security professional walking in front of you in the hallway as your enemy or as another burden you have to suffer. Understand that this is a key partner in the organization’s overall success.
Procurement department: Please understand that you have a major role in what's coming into the company — including and most of all new technology and shadow IT.
Users: This is your workplace. This is an environment that might be critical for your family, your country, and even more for your wellbeing. You don't need a well-drafted acceptable use policy (AUP) document to know that clicking on an unknown link might take you to a strange and risky situation. Inserting a USB drive you got at a conference or found on the floor is the equivalent of playing Russian roulette with a pistol full of bullets.
To be cyber aware means to assume responsibility; to embrace the challenges and understand them. It is about taking the steps you are required to take when you need to do so, and not leaving it to others. Being cyber aware requires you to be at the forefront of progress and technological evolution because, if we are honest, what other options do we have?