Search
  • Mohan Chathuranga

3 Reasons why Cyber Security is Complex

A lot of organisation try to apply find it complex to solve cybersecurity issues. Here's why.



With so much change in store, there’s one area that organisations can’t afford to ignore: Cyber Security. Digital ecosystems can only function efficiently if all parties involved can trust in the security of their data and communication, as well as the protection of their intellectual property.

After years of investing billions of dollars still organisations does not feel secure against cyber threats.

Protecting your company and ensuring security requires significant investment and clear guidelines for data integrity and security. After so many years of cyber security innovations and research we are finding it extremely difficult to cope up with the complex nature of cybersecurity. Here's 3 reasons why:

1.  The problem isn't JUST TECHNICAL

2.  Theories of physical world doesn't work in Cyber Space

3.  CyberSecurity Laws, policies and practices are yet to mature

The problem isn't JUST TECHNICAL

To prepare for and prevent the cyberattacks of the future, organisations need to balance technological and tripwires with agile, human-centered defenses. These vigorous, people-focused efforts must go beyond the commonly discussed “tone at the top” — it must include a proactive leadership approach with faster, sharper decision making. As cyber threats grow exponentially, comprehensive risk management is now a board-level priority. Indeed, the great investor Warren Buffett highlighted cyber risk as one of the gravest concerns facing humanity during Berkshire Hathaway’s annual meeting.

There will be some investment required in enhancing personnel readiness. But it can be cost effective over time, particularly when compared to implementing cutting-edge cybersecurity technology that may become obsolete. To be clear, technology is a critical piece of the cybersecurity puzzle, but just as with a car containing all the latest safety technology, the best defense remains a well-trained driver.


Theories of physical world doesn't work in Cyber Space

Cyberspace operates according to different rules than the physical world.No physics and maths rules applied in the cyber world. In data communication network means that concepts like distance, borders, and proximity all operate differently, which has profound implications for security. With distances having very little impact on reach, threats can come from anywhere and from any place. The borders in cyberspace don’t follow the same lines we have imposed on the physical world; instead they are marked by routers, firewalls, and other gateways. Proximity is a matter of who’s connected along what paths, not their physical location. 

The same concepts of cyberspace that allow businesses to reach their customers directly also allow bad guys to reach businesses directly. Yet you can’t have governments get in the way of the only one instance. Sharing information among people at human speed may work in many physical contexts, but it clearly not enough in cyberspace. As long we continue to try to map physical-world models onto cyberspace, they will fall short in some fashion.



CyberSecurity Laws, policies and practices are yet to mature

With different jurisdictions, different economic conditions and knowledge gaps have lead a huge difference in law making and practice in Cyber Security compared in different countries. Although certain treaties and conventions addressed some of these issues implementations in the local contexts could significantly differ from regions. Whereas the offensive knowledge base, technologies, access to tools are quite up to the same standard throughout most of the countries. Following questions needs to be seriously answered to address this issue;

  • What is the right division of responsibility between governments and the private sector in terms of defense?

  • What standard of care should we expect organisations to exercise in handling our data?

  • How should regulators approach cybersecurity in their industries?

  • What actions are acceptable for governments, companies, and individuals to take and which actions are not?

  • How do we hold individuals and organizations accountable across international boundaries?



Realization of these 3 concepts are important in policy making related to cyber security. Achieving the correct balance of these 3 concerns would lead an organization to achieve its cyber security objectives.

Source: HBR article on Why is Cyber security So hard by Michael Daniel

11 views0 comments