Cyber security demands change in approach

There needs to be a change in the way technology is designed and in attitudes to data security to ensure cyber safety, say industry experts

Technology design needs to change so that cyber security is easier to carry out because, as users of technology, people are key, according to a panel of security industry representatives.

“We risk a C1-level national cyber security incident in the next few years if we do not put some science and data behind cyber security and start to demystify it,” said Ian Levy, technical director at the UK’s National Cyber Security Centre (NCSC).

“I think we can stop [a C1-level incident] from happening, but the trajectory I see at the moment around how cyber security is talked about and how people put militaristic analogies around it that make people think they can’t defend themselves, is really dangerous,” he told the Symantec Crystal Ball roundtable in London.

For this reason, Levy said the NCSC wants to publish data and evidence to ensure that people really understand how to do risk management properly. “Because in the end, cyber security is just risk management, which is not fundamentally different to HR, legal or financial risk management.”

Levy also believes that the way technology tends to be designed currently makes impossible security demands on people.

As a result, he said security professionals have spent the past 25 years saying people are the weakest link. “But this is stupid,” he said. “People cannot be the weakest link [because] they are people who do jobs, and they are people who create value in their organisations.