Progress, be it simple or complex, always comes down to a combination of People, Process and Technology.
Whilst any of these can be the original trigger, the outcome always affects all three.
The Industrial Revolution was a good example, where new technologies (industrial engines) fundamentally re-designed manufacturing processes (production lines) and had far-reaching impacts on the people employed (not all of it good, one might add) through the disaggregation of skills, the re-balancing of power in favour of owners, urbanisation etc.
When faced with the need for immediate outcomes we can forget the importance of all three aspects and fall into the trap of throwing yet more Technology to fix issues as they appear. Worse still, we can gravitate to the next new technology through the fear of missing out (FOMO).
More recently, in IT, you might recall the early days of Customer Relationship Management (CRM).
Every business simply had to have one. It was only after huge costs, frustrations and botched rollouts that they came to realise that they hadn’t worked out what they actually wanted from it, and how it aligned to their People and Processes.
In the world of Cyber Security, we see this “Fire, Aim, Ready” every day.
We have a plethora of shiny new tools (to the point of being overwhelming), and because cyber security is most often brought late to the party, the near-automatic reaction tends to be to reach for yet more technology to “quick fix” a problem. Then we move on to the next issue.
If we are to take any lesson from history it should be to go back to People, Process and Technology; and in that order.
The majority of cyber security incidents are caused by People (and many quite innocently). The development of OH+S cultures has shown the way this should be done; now it's time for the culture of cyber security to follow that example and be a company-wide culture, from the boardroom to all employees. The boardroom needs to manage Cyber Security as a significant business risk and drive the business to ensure the right things are done.
Yes, there are many new Technologies designed to help resolve issues, but the knowledge required to address the true complexity of cyber security issues resides largely in people…
Processes should cement how to “do things right” for your company’s business. Understanding, alignment and measurement remain the key to systemically addressing new emerging threats and increased regulations and obligations.
Considering People and Process first will help you design the right Cyber Security guardrails and the appropriate controls to be enforced. Done right, this will allow your business to operate at speed, with security in place.
Forced on the business late, it will stifle progress and frustrate your stakeholders.
So, take a break from the technology treadmill… Take a step back to better leap forward.
Think CyberFirst and THEN use Technology to enable it.