The digital age offers businesses real opportunities to grow, but it also opens doors for bad actors to cause serious harm. With 30 years of experience in technology leadership, including roles as CIO and CISO, Richard William Bird, a six-time C-level executive, author, and global speaker, shares cybersecurity insights aimed at executives. His experience spans both corporate and startup environments, along with advisory roles to young companies and venture capital firms, which gives him a broad perspective on how to navigate these digital dangers.
Understanding the Human Factor
Richard emphasizes that people are simultaneously the strongest and weakest points in cybersecurity. “The most powerful tool in our security arsenal is attentive, informed human beings who recognize when something isn’t quite right,” he notes. This highlights the importance of a vigilant workforce. He suggests that a culture of “If you see something, say something” is as crucial in the digital realm as it is in our physical communities. Employees who are aware and report suspicious activities can significantly enhance an organization’s defense.
However, Richard warns against overlooking the human tendency to choose convenience over security. “Failing to recognize that the same human beings around us can ignore or actively work around our security efforts is a certain recipe for failure,” he says. He explains that individuals often prioritize ease and speed, bypassing security protocols in the process. “Human beings will seek out convenience and the fastest path to gratification or success more often than they will actively think about security.” Understanding the human factors in security, both among employees and among adversaries, is therefore essential. Recognizing these behaviors lets organizations design systems that balance security with usability, so that the secure path is also the easy path and employees feel no need to circumvent protective measures.
Focusing on Foundational Security
Richard points out a common misconception: that basic security is simple to implement. “Technology is complex, and there aren’t many things that are basic about it,” he clarifies. He stresses that foundational security is about addressing the most common attack methods, rather than just doing the basics. “Almost all breaches and exploits of corporate systems are through simple pathways like stolen accounts or forged credentials,” Richard explains. This is because attackers prefer the easiest route. “The bad guys always look for the easiest way to get into your systems and your data.”
Sophisticated attack methods cost time, money, and resources, and they raise the attacker’s risk of getting caught. “Core foundational security management gives the bad actors plenty of open doors and windows to attack and successfully steal your data, your revenue, and your market trust,” he says. Richard highlights that attacks like ransomware, account takeovers, and fraudulent account creation succeed because of a lack of focus on these foundational elements. “Foundational security is about ensuring that your cybersecurity organization addresses the most common methods of attack and eliminates the opportunity for them to be used by the bad guys.” In practice, this means controls that blunt credential-based attacks, such as multi-factor authentication, prompt removal of unused accounts, and alerting on anomalous logins, take priority over more exotic defenses. Investing in robust foundational security is therefore crucial for protecting an organization’s assets and maintaining trust.
Addressing Nation-State Threats
Richard strongly advises against underestimating the threat of nation-state actors, regardless of an organization’s size. “Stop believing that your company or organization is too small or too unimportant to be a target of, or concerned with the actions of nation-state actors,” he urges. He explains that countries around the world are actively supporting hackers to target businesses of all sizes. “All around the globe, nations competing with or antagonistic to the largest economies in the world are actively supporting the efforts of hackers and thieves who are hammering small and medium-sized businesses trying to steal your data.” Even if an individual company’s data seems insignificant, it can contribute to a larger pool of information used for malicious purposes.
“Your data alone might not seem valuable to countries like China, Russia, or North Korea, but your data added to the data of hundreds of other attacks can be used to assemble an enormous amount of actionable information,” Richard says. He cites Unrestricted Warfare, the 1999 strategy text by two Chinese PLA officers, which argues that everything in the digital world can be used as a weapon. “This strategy included disinformation campaigns, predicting the use of consumer electronics like personal drones to disrupt military operations, election manipulation, and the use of social media to create division between citizens of a nation.”
This unrestricted warfare approach has been used against G20 countries and others worldwide. “This strategy is why nation-state hacking is a genuine concern for everyone, no matter how small your company or community is, or what industry or organization it is associated with,” Richard concludes. He hopes these observations will prompt further exploration into making the digital world safer for everyone.
To learn more about Richard William Bird and his approach, check out his LinkedIn profile.