If you think about online banking, that is only possible because of innovations in cryptography and authentication. Technically, we could have done everything in an internet banking application prior to those innovations, but nobody would trust it; nobody would believe it was secure. Having authentication integrated with your phone, so that you can use your thumbprint or your face, enables a new level of services. With cyber-dependant innovation, there is a big push into to new capabilities. Again, that comes down to thinking about how organisations can innovate with cyber security, how they change that mindset so organisations go beyond ‘here’s a bad thing that’s happened. How do we respond?’ to ‘what are the innovation trends within security protection, and how do we take that information and transform that into value for our organisations?’ CULTURE BREEDS INNOVATION Such thinking comes from a maturity in the organisational innovation process. Technologies produced by companies and sold to others, and technologies implemented within organisations, are representative of the culture of that organisation, the beliefs of that organisation, the way that organisation works. If you are embodying the culture in a technological representation that supports that organisation, then if the organisations do not care about cyber security or the protection of information or systems, the technology will show that – you are not going to get technology that cares about cyber security. One of the key things within organisational culture is leadership. If your leaders do not care about cyber security, then why should the rest of the organisation? This is something my codirector on Lancaster’s Cyber Security Executive MBA, Dr Robyn Remke, wrote about in the last edition of Fifty Four Degrees. You can have all the strategic tools in the world, but as soon as that rubs up against a resistive organisational culture, then you will have an intractable problem. We can talk about and develop multiple tools and programmes to support organisations thinking about how they approach cyber security in a more creative and positive way. But ultimately, if the organisational culture is not conducive to embody that, to create and enable the change, then we are never going to win. We are reaching almost a technological epoch now with within digital and computing technology. We know how to build secure computer systems, but we are not. That is a fundamental challenge. We are not getting the cultural adoption of the security and protection concepts that we need within organisations, coupled with the leadership to drive that adoption. You see good pockets of leadership, but the real question is how do we embody within those who are coming through what it means to be a good business leader so that when they think of a core strategy, cyber security and the protection of digital assets is as natural to them as finance, marketing and everything else? The reason cyber security makes the news when there are problems is because the bad guys and girls are getting ahead of us. They are adopting technology, making use of concepts in a way that industry is still trying to make sense of. Criminals do not have problems of leadership, they are just getting stuff done. Business can use cyber security technology in innovative ways, and there are myriad benefits to doing so – we just need to take the plunge, place it as a core element of our businesses, and reap the rewards. FIFTY FOUR DEGREES | 25 Professor Daniel Prince is a Professor in Security and Protection Science within the School of Computing and Communications at Lancaster University. He is the CoDirector of Lancaster’s Cyber Security Executive MBA. The Cyber Security Executive MBA (CEMBA) is delivered by Lancaster University Management School, the School of Computing and Communications, and cyber security experts Templar Executives. The programme holds provisional certification from the UK National Cyber Security Centre (NCSC). d.prince@lancaster.ac.uk
RkJQdWJsaXNoZXIy NTI5NzM=