The Guru was lucky enough to sit down with Stuart Avery, Business Development Specialist at e2e-assure, at the inaugural International Cyber Expo to discuss key trends, how and why everyone should get involved in cyber, and the industry’s image problem.
According to Avery, cybersecurity has undergone a change over the past few years. The rise of zero trust and identity management has forced cyber-pros to secure the user, not the network.
“It used to be that we took a cybersecurity solution and smashed it into a legacy network, but that’s not how it’s done now. Remote working and “bring your own device” (BYOD) policies mean that cyber isn’t about securing the network anymore, it’s about securing the individual.”
Avery believes that the new, individual focused cybersecurity landscape isn’t just about security, but choice and user experience as well.
“Obviously securing the individual comes first, but it’s important that it is done in a way that gives individuals choice as to how they interact with applications. It’s also imperative that we allow for BYOD without slowing things down with a huge amount of governance.”
Sticking with the subject of the individual, Avery is convinced that, now more than ever, everyone has a part to play in cybersecurity. In light of an individual centric security landscape and the UK government’s new, “holistic” approach to cyber, the role of the individual has never been more crucial.
“The reality is, everyone is responsible for cybersecurity. People have attempted to hack me before, and while they didn’t succeed, because it was so sophisticated I couldn’t help but think – what if they tried that on my Mum? Or my Grandma? I don’t think enough is being done to ensure people know what to look out for, how to identify social engineering attacks or phishing scams.”
Avery believes that the government should place an emphasis on cultural adoption when it comes to raising cybersecurity awareness. This isn’t only important for the individual, but businesses as well.
“I talk to organisations all the time about how important cultural adoption is. Everyone, from the top down, needs to be aware of the role they play in securing themselves, their company, and the country.”
So how do we achieve cultural adoption? According to Avery, the government’s COVID-19 information campaign could serve as a blueprint for raising cybersecurity awareness.
“While I don’t think cybersecurity awareness campaigns need to be as overt as the COVID-19 campaign, I do think we have a lot to learn from that period. Most importantly, recognising the emotional impacts of a crisis, be it COVID or cybersecurity. We hear a lot about the financial impacts of cybercrime, but I don’t think we recognise how distressing it can be, especially for the individual. Helplines would go a long way both for educating the public and supporting them should they fall victim to an attack.”
While Avery believes raising cybersecurity awareness is a worthwhile endeavour, he admits that it will always be an uphill battle.
“The crux of the issue is that cybersecurity relies on people being suspicious, and that’s just not in our nature. We’re hardwired to trust one another. Getting people to distrust everything that comes into their inbox is going to be difficult, especially if they’re busy.”
It’s not only the individual who has a part to play, however. For Avery, vendors should be working to make cybersecurity more attainable. e2e-assure, a SOC-as-a-service provider and Avery’s employer, does that by tailoring their solutions to the customer’s needs. Avery explains:
“Our mission is making cybersecurity affordable. It used to be that cybersecurity was only for the big guys, but that’s not true anymore. We like to think we’re at the forefront of the movement bringing cyber to SMEs. So many vendors only provide holistic protection, which is great for bigger companies, but simply isn’t affordable or even necessary for smaller businesses. We allow organisations to cherry-pick the protections they need to save them from paying for the ones they don’t.”
For Avery, affordability isn’t the only problem plaguing the industry. For the industry to be truly inclusive, he believes it needs a friendlier face.
“There’s a misconception, amongst the public at least, that cybersecurity is still full of hackers in dark rooms, or arrogant tech-geeks reluctant to share their knowledge. In reality, the industry is full of good people with good intentions. I don’t think we celebrate all the good we do. We’re awful for only telling the bad stories, it’s no wonder people don’t listen to us. We keep banging on, telling people ‘You’re going to get hacked’, and they’re never going to respond to that. We need to let the public know that we’re aware of how hard it can be and help them along.”
All in all, Avery has a refreshing take on the state of cybersecurity. Amidst the seemingly endless predictions of catastrophe one is subjected to at a cyber trade show, it’s comforting to hear a brighter outlook. What’s more, Avery is no hypocrite, putting into practice his own mantra of friendliness and approachability.