The Human Factor

Posted on April 15, 2021
Cyber Risk Starts and Ends with People

Have you ever written a blog and put it aside and forgotten about it? I do it quite a bit. I have these moments where I write a blog, often at the early hours of the morning when my brain runs off on a tangent, a thought, concept, or ‘light-bulb’ moment that I need to run with.

Well, I have been going back to look at some of the blogs I wrote years back and thought I might share a couple. There are a few reasons why I am doing this:

  • It is like a mini time capsule and certainly made me smile, especially when watching some of the older YouTube videos (like Pablos Holman TEDx Talk – Top hacker shows us how it’s done).
  • The points being raised back then are as valid, if not more so now.
  • Which begs the question, ‘how far have we really come in solving the challenge?’
  • Also, on a personal level, my approach and language have been there for years. These were the seeds for the book I have just launched, “Risk Starts & Ends With People”.
The blog I wrote four years ago
When I take a step back and think about cyber security, yes like many, I look at what technologies could potentially provide value to the problem, but it is the “human-factor” that gets my attention most. The motivation starts and ends with humans.
  • Cyber-attacks are more frequent, and some are extremely sophisticated, yet when you really think about it on a timeline, we are still in the early days. Which makes you wonder just how creative and sophisticated attacks will be in the future. As humans, we tend to be the most vulnerable aspect in cybersecurity. How do we work together to educate and protect ourselves, because if we don’t, this battle will only get harder?
  • Technology may be the “tools of trade” for cyber-attacks, but the motivation and desired outcome is all driven by humans, people with malicious intent. There are many motives for hacking, i.e. playful cleverness, entertainment, ego, status, entrance to a social group, money, and activism. Whether they are ‘Black Hat’ hackers or disgruntled employees or just inquisitive individuals testing their limits; more and more people seem to be drawn in to test and flex that “cyber” muscle. Which leads me to my next point… the future.
  • The inquisitive individuals testing their limits raises a critical point. During most people’s lives, at some point we have either pushed ourselves to achieve something or been encouraged to push some kind of boundary. Those boundaries seem different these days, especially when it comes to “cyber”. Those “tools of trade” are digital and can be used as weapons. As humans it will be our moral compass that guides us towards how we will use those digital tools. One of the challenges within the hacking world is that ‘Black Hatters’ are considered cool and don’t have to comply with rules. Luckily, there are also hackers (‘White Hatters’) in the world who have experienced and worked through the ethical dilemma that can be created through hacking (e.g. testing vulnerabilities versus exploiting them) and are helping others on an exciting and educational journey for good. One example and story I personally like was Ymir Vigfusson from Iceland, where he shared some of the reasons “why I teach people how to hack”.

One appreciation I always have for hackers is the way they look at a problem or how they look at technology. When they come into contact with a technology (e.g. mobile phones, computers, software), they aren’t like most users who want to work out how to use the technology; they are trying to figure out “what else can I do with this device?”, looking for ways to work around any restrictions. Similarly, when trying to solve a problem, they keep looking for a different angle to get a better result. They are all about pushing the limits of how they think and what they do. If you have ever attended an event or conference, when a demonstration is being conducted, they can be entertaining. Pablos Holman is a good example; even though this YouTube video may be five years old, it is an interesting video and worthwhile to watch.

Fast forward to now
As you can see, I hadn’t quite closed out the blog. The YouTube video by Pablos was filmed nearly a decade ago. Crazy, but still so relevant.

Now think of all the advancements we have made in technology and the many devices we use every day, especially with the IoT (Internet of Things). It is so exciting, but also, without a doubt, somewhat scary.

It reminds me of when I attended the Black Hat and DefCon Conferences in Las Vegas a number of years ago, the knowledge that was being shared, the ‘tools of trade’ and just how vulnerable organisations, governments and everyday citizens were. I remember shaking my head and going ‘OMG… these guys are learning more about a vendor’s technology than the vendor’. It was amazing the level of curiosity and pride hackers took in breaking systems, finding those vulnerabilities and exploiting them.

Now I am not trying to scare anyone. But it highlights a few things:

  • Being heavily reliant on technology is still a threat due to the vulnerabilities and limitations of the capability.
      • This is not helped if a vendor is over-selling the technology capability.
  • It highlights the importance of people, both sides of the coin:
      • ‘Risk starts and ends with people’, equally.
      • ‘Opportunity starts and ends with people’.
      • We need people to be at the centre of how we navigate and combat our ever-evolving risk profile. Though an Albert Einstein quote comes to mind ‘No problem can be solved from the same level of consciousness that created it.’
  • Now we know that people are the most vulnerable link, so why aren’t we teaching the basic cyber-security skills in school?
      • For example, how to actively care for your technology, including patching. The basics and fundamentals, so we can start to reduce the exposure in our next generation.
In our personal and work lives we will continue to be in a battle with our loved devices. They connect us, educate us, entertain us… but they also expose risk to us. They are a tool for many of us and a weapon for some.

But at the end of the day the common factor is people. So, if you are ready to explore a new perspective on risk, and this includes cyber risk, then reach out to me directly.

If you have found value in what we have shared, feel free to check out other blogs by the Unearth team and subscribe to our Newsletter. Feel free to reach out to learn more or share your thoughts on the blog or any information we have provided, we would welcome hearing from you through hello@unearth.com.au

About the Author

Author, speaker and founder of global risk consultancy, Unearth, Lisa Sisson is driven by a strong sense of purpose. Her mission in life and business is the same – to create a safer world. Lisa believes when people feel safe, they are empowered to give their best efforts without fear of failure. This purpose underpins her work at Unearth and has driven a unique perspective within the risk industry.
