People matter: the key ingredient to a resilience mindset

Cyber criminals are unrelenting. Covid-19 has underlined this and demonstrated the complexity of challenges that organisations face. Criminal gangs continue to exploit the pandemic through fraud, scams and by tempting those facing financial hardship into the criminal underworld. Ransomware is the favoured method of attack, and with employees working remotely – both within organisations and the companies in their supply chains – remaining vigilant among a myriad of competing personal and professional demands is an added challenge. So optimism is in short supply, even before the potential ramifications of the SolarWinds breach became public.But in my view, there’s still cause for optimism. Although criminals continue to innovate, posing a dynamic threat that only their ingenuity and resources restricts, organisations possess a critical asset at the foundation of their defences: people. And companies whose people own and embrace a “resilience” mindset – assuming the inevitability of incidents, planning for their recovery and remaining positive – are the ones best placed to deal with an evolving threat landscape.Diverse threats need diverse protections Creating a resilience mindset requires not only the right policies and process, but also teams of people with varied and complementary perspectives, skills and experiences. Combating sabotage of cloud services needs both the technical expertise to configure defensive software and the strategic thinking around dependency risk in a market of limited suppliers. Mitigating the threat from third parties, and even fourth and fifth parties, requires detailed oversight of suppliers as well as interpersonal skills that sustain good supplier relations in the wake of a data breach. Building such teams means not simply looking at qualifications and certifications but also ensuring teams are inclusive and diverse in all senses.More than being just a moral obligation, creating such teams also enhances performance. The UK’s National Cyber Security Centre’s (NCSC) 2020 report Decrypting Diversity cited Gartner research that found stronger levels of diversity and inclusion can deliver benefits such as enhanced creativity and innovation, which are particularly prevalent in pressured situations such as incident response. And this is in addition to greater employee satisfaction and stronger talent retention. So it is alarming that the report found nearly three-quarters of negative incidents such as discrimination based on race or gender went unreported in 2020.Acceleration is neededProgress is visible in our industry, but the pace of change is too slow. In a soon-to-be-published survey of women in cyber from the Chartered Institute of Information Security, many of those surveyed admitted they had experienced some form of sexism, and a majority had experienced being the only woman in their organisation. There is still work to be done by leaders to make inclusion and diversity a natural given within organisational cultures – and this means embracing the inputs of individuals from varied age, class, educational and experiential backgrounds. Many short-term potential solutions to this challenge are already underway, but organisations must enact change for the medium and long-term too. This means collaboration and partnerships to educate future generations of cybersecurity experts, co-ordinated by both the public and private sectors. National educational programmes, such as the NCSC’s CyberFirst initiatives, provide pioneering opportunities for young people to learn about cyber, and for companies to have open discussions about inclusion and diversity.Outreach programmes can also target those from specific backgrounds: the Atlantic Council Cyber 9/12 student strategy competition, for example, targets non-technical graduates. And there are other valuable groups too, such as those transitioning to cyber from the armed forces or individuals returning to work. In this way, cyber careers can attract people who may not have considered them previously.Internal and external pushWithin organisations, senior business stakeholders can continue to provide vocal and visible support for the need to attract both technical and non-technical cyber expertise, as well as provide training for managers to nurture talent objectively and without bias. But they can also take practical steps, including extending job application deadlines to ensure that women, who may take longer to apply for roles than men, spending longer investigating and ensuring they are a good fit for roles, have sufficient time to apply. Our people and their resilience will support our defences now and in the future. Cyber criminals will continue to exploit situations for their own gain in innovative and creative ways. Diverse and inclusive teams are critical in our response. It is crucial that we build resilience from within – starting with our people. Nina Paine is the global head, cyber stakeholder and government engagement at Standard Chartered and sits on the Board of the Chartered Institute of Information Security. Having served in both the public and private sectors at the National Crime Agency and in Financial Institutions, Nina is committed to building global strong and sustainable public-private partnerships to address cyber risks more efficiently.

Your cyber intelligence source

People matter: the key ingredient to a resilience mindset

Related content

Palo Alto Networks Dismiss Number of Vulnerable Firewalls

Government Security Group Seeking New Members and Expertise

Microsoft Takes Down Phishing-as-a-Service Domains

Research: Half of Working Week Commonly Lost to Manual Tasks

Five Named and Charged in SMS Phishing Effort

Businesses Commonly Attacked Outside of Working Hours

Industrial Cybersecurity Under Attack in 2024

Upcoming Events

People matter: the key ingredient to a resilience mindset

Related content

Palo Alto Networks Dismiss Number of Vulnerable Firewalls

Government Security Group Seeking New Members and Expertise

Microsoft Takes Down Phishing-as-a-Service Domains

Research: Half of Working Week Commonly Lost to Manual Tasks

Five Named and Charged in SMS Phishing Effort

Businesses Commonly Attacked Outside of Working Hours

Industrial Cybersecurity Under Attack in 2024

Upcoming Events

Confirm cancellation

Sign up benefits