
Could an aviation approach to safety bolster organisational cyber resilience?



This article originally featured in insider.co.uk


 

Ian Harragan

Director at i-confidential




 



In a world plagued by cyber crime, never before has the ‘it’s us against them’ theory been more important.  

 

Cyber attacks are not restricted to any specific industry, and no organisation has immunity to assault. Instead, everyone is a target and criminals collaborate to enhance their methods and maximise success. 

 

We are seeing ransomware groups uniting, while criminal gangs are offering their services on a rental basis to open the doors to novice hackers. These efforts are fuelling attacks, while netting criminals big financial returns. 

 

But, given how much success collaboration is offering our adversaries, why don’t we see more of this approach to defend against them?

 

Organisations, particularly larger ones, tend to work in isolation, keeping their cyber security status under wraps. They work to contain information around cyber incidents, seeing any attack as a weakness that could destroy competitive advantage.  

 

But, could this mentality be doing more harm than good? After all, there is no foolproof way to avoid cyber crime, so getting attacked doesn’t always determine the difference between success and failure. In addition, repeated press reports of successful cyber attacks on competitors will only serve to undermine customer confidence across the board. 

 

For a starkly different take, just look at aviation, an industry that has adopted a collaborative approach to safety for many years. When planes go down, airlines and manufacturers don’t withhold information. Instead, black box and other data is widely shared as the sector recognises the mutual benefit a collective approach to safety offers. In turn, this has made air travel the safest form of transport today.  

 

Could other industries learn from this approach to combat cyber crime?  

 

If organisations did more to work together and collectively share information on cyber incidents, surely this would enhance security and provide customers with more confidence in their systems. This does currently happen in some areas of banking and finance. For example, G7 countries recently ran a cyber incident response exercise across 23 financial authorities.  

 

But more needs to be done. 

  

Understanding today’s cyber threat 

 

It’s safe to say that cyber crime is one of the biggest threats to the success of any organisation today. An attack can destroy a business’s operations overnight and catapult it into insolvency.  

 

Fortunately, most industries have responded to this threat by improving defences around their networks and data. Organisations are prioritising cyber hygiene and increasing security budgets to protect their digital assets. However, 100% security is an impossible goal, so despite these efforts, no organisation is ever in the clear.

 

Recent estimates suggest that the global cost of cyber crime will reach $9.5 trillion this year, with the average cost of a data breach reaching $4.4 million.

 

Earlier this year, three world-leading banks fell victim to supply-chain attacks, while we have also witnessed hundreds of organisations across all sectors being impacted by a recent spate of attacks targeting customers of Snowflake, a cloud-based data platform. 

 

These instances highlight just how volatile the digital world is today. Organisations can spend millions defending their infrastructure, but when one link in the chain is weak, it can bring everything down. 

 

Following an aviation approach to safety would improve cyber resilience

 

When something goes badly wrong in aviation, the industry focuses on learning exactly what happened, and why, to avoid such accidents happening again.  

 

If organisations took a similar approach regarding cyber incidents, this could greatly improve protection overall. For instance, if criminals are using a specific social engineering tactic, sharing that information could prevent others falling for the scam. Or, if vulnerabilities are being exploited to compromise a supply chain, disclosing the vector could encourage other organisations to patch their systems.  

 

The British Library recently took the notably unusual step of disclosing, in minute detail, the weaknesses in its security that led to a high-profile and extremely costly breach. There was much for others to learn in that story, which was the primary reason for going public, and the organisation has won considerable praise for doing so. 

 

Knowledge is power in the fight against cyber crime. A forewarned industry is a forearmed industry, which significantly bolsters resilience. 

 

These dialogues need to be regular and open, with peers viewed in this context not as competitors but as comrades, and everyone working towards the shared goal of improving cyber resilience. This will improve confidence among customers and partners, while helping organisations collectively fight back against criminal adversaries.
