Blog / Disruptive Technologies

Cybersecurity: How to enable a Collective Human Shield? The Human Shield

How can we foster cybersecurity on a collective level?

How can we guarantee business security to master digital transformation comprehensively?

With the increase of digital dependency, the importance of cybersecurity has never been more crucial.

Cyber attacks can come from anywhere and can target anyone, from individuals to large corporations. That’s why we need a collective human shield to protect ourselves and each other from these threats.

In this article, we will explore the ways in which we can enable this human shield and keep our digital world safe and secure. So, grab your swords and shields, and let’s dive into the world of cybersecurity!

Cibersecurity: the challenge of managing the individual and collective spheres

On the first part of this article, we explored some of the human traits that make people the weakest link in the cybersecurity chain.  The capacity of humans to make arbitrary decisions turns cybersecurity into a people´s problem, not just a technical problem.

A recent example exposing this type of cybersecurity dilemma in the case of a hacking group called LAPSUS$.  This group began to appear in mainstream media after Okta (A cloud authentication company used by thousands of organizations around the world) reported that one of its employees’ laptops had been hacked during five days, without the company´s knowledge.  How did a hacking group got access to a key resource inside a security company?  Apparently, they BOUGHT the access from one of their employees.  Yes, they did not brute-force or break-in; they simply bought the remote access credentials.  Though this is not be the first time this tactic is used, the Covid-19 pandemic has widespread remote administrative level access, and therefore amplify the risk landscape.

This brings us to the point in question.  Individual trust is an inherited and delicate element built into system management roles in all enterprises.   However, how can we “trust” people if they are free to make arbitrary decisions?  No easy answer, since society teaches us trust and reciprocity norms which we then extrapolate from social roles to digital roles. 

Cibersecurity in companies: collective measures to battle threats

Humans are generally driven to do individual things; however, it is social trust that drives the collective participation.  The same is true in hacking groups, that sense of belonging and group protection, drive people do participate in activities, which they, perhaps, would not do otherwise. 

For instance, in the case of LAPSUS$, on March 24th UK officials announced the arrest of 7 members, including the 16 years old ring leader.  However, this did not stop the group from, hacking another company the following day, and dumping a load of stolen data in their Telegram Channel to brag team commitment.

If we apply the same objective driven, collaborative measures used by hacking groups to the enterprise side, conceptually, we could hinder cyberattacks more effectively by creating a real human shield.  Enabling a real collective human shield can be a much more effective way of battling cyber threats than what individual actions can provide today.    

Cyber Awareness Training is one of the best tools enterprise have today to empower individual conduct to avoid social engineering, phishing and spoofing attacks.  However, this is done with the hope that individuals are motivated and interested.  Then again, that is not always the case.  Employee sense of belonging, compromise and trust is a given, but not a requirement for employment.  

Imagine a situation where all employees cared for, not just for the cybersecurity courses, but, more importantly, for the safety of the information in the entire organization.  Gaming theory techniques, as well as collaborative models can help us in this journey. 

I believe that CISO’s should expand their vision to not simply focus on protecting the employees as single target objectives, but on the entire workforce as if it were a human shield that is impenetrable.

Learn Cybersecurity and take your digital transformation strategy to another level

In today’s digital landscape, cybersecurity is a critical component of any business strategy. As companies continue to transform their operations digitally, the need for skilled professionals who understand cybersecurity and digital transformation is growing rapidly.

An MBA in Digital Transformation can equip you with the knowledge and skills necessary to navigate the complex digital landscape and develop effective strategies to protect against cyber threats. By investing in your education, you can not only secure your digital assets but also position yourself as a valuable asset to any organization.

Author

Gonzalo Cuatrecasas

IT and Risk Management Expert

Gonzalo is Cyber Security Manager at Axel Johnson International and professor of the Global MBA in Digital Transformation.