Shoutout to the new 70 cyber warriors who joined us last week. As a subscriber, you'll be among the first to receive our weekly newsletters every Wednesday, packed with all the latest news, updates, and insights.
Stay in the loop with our weekly LinkedIn newsletters. We can't wait to connect with you!
Whether or not cybersecurity professionals are annoying.
We spoke to Wojtek Swiatek (VP and CISO at Dassault Systèmes), and he said:
“Cybersecurity is often seen as either a role where you annoy everyone, or technical wizardry. It is however primarily a communication job where you aim to bridge real-life risks with the objectives of your organisation.”
Our perspective is that you are neither annoying, nor a wizard. Hopefully most of your colleagues and customers agree.
But Swiatek’s point is that most people don’t understand cybersecurity well enough, and that’s why their view of what the industry does is polarised: they’re either in awe of us or irritated by us.
And the lack of understanding has implications that go far beyond the perceived identity of cybersecurity professionals.
The UK government co-produced a report called A Call to Action: The Cyber Aware Perception Gap. It noted several implications of the lack of cyber awareness:
All of this adds up. The lack of awareness means that many people aren’t learning about how to protect themselves and their information.
And from the information security side, that creates a huge communication challenge. Often, we feel like we’re talking to a brick wall: we share critical information and really valuable tools to help people safeguard their data, but very few people really care.
As well as leaving themselves at risk, people who underestimate cybersecurity risks are also putting their workplaces at risk – and even the businesses and government organisations they interact with as customers or citizens.
When a customer is the vulnerable entry point that attackers use to access a company’s network, it’s the company that gets blamed for the breach.
Password re-use attacks are a clear example of poorly informed customers being leveraged as a point-of-entry. Hackers take customer login details from one website, and then use them to hack into accounts on other websites, because the customer is using the same password across multiple businesses.
UK national lottery owner Camelot and delivery service Deliveroo have both been hit by large-scale bad press as a result of attacks like this – and it’s happening all over the world.
We can’t roll our eyes and shrug it off. Because if individuals perceive cybersecurity work as an annoyance, or as a magical and mysterious endeavour, that means they don’t understand what’s going on.
They don’t know that cybersecurity isn’t a piece of code or a firewall or a room full of experts tapping away at keyboards.
They don’t know that cybersecurity is rooted in communication; or that they play a crucial role in their own security, and in the collective security of their professional and personal communities.
And they need to know that.
Read our full interview with Wojtek Swiatek: Cybersecurity in orbit.
Do you have an idea for a topic you'd like us to cover? We're eager to hear it! Drop us a message and share your thoughts. Our next newsletter is scheduled for 14 June 2023.
Catch you next week,
Steve Durning
Exhibition Director
P.S. - Mark your calendars for the return of Black Hat MEA from 📅 14 - 16 November 2023. Want to be a part of the action?