Human Cyber Security

When looking at the reasons cyber security is a necessity, the human aspect is consistently central. Underlying the protection of information and technology is always the ultimate need to protect people first. When a cyber-secure space is created, people themselves are safer. Their identities, jobs and finances are more rigorously protected from cyber attacks or criminals. Cyber security will therefore always have a human impact.

Aside from the impact upon humans that cyber security, or the lack thereof, can have, humans can themselves affect cyber security. At every step of the technology life-cycle, people can play a role in determining the effectiveness of cyber security. From the people constructing hardware to the eventual users of said hardware, each element of the process is impacted by people, meaning that cyber security and humans are endlessly intertwined. 

Looking at the technology life-cycle is helpful in understanding how we as people influence cyber security.

The first stage of the life-cycle is design. Humans design the hardware, software and technology systems which will ultimately underlie the effectiveness of cyber security. Often wishing to produce technology as fast as possible to gain increased profit, designers can sometimes overlook the importance of cyber security. At the design stage, it is crucial to set cyber security as a priority, to build resistance into hardware and technological systems. This in-built, secure approach is recommended by the UK National Cyber Security Centre (NCSC), which labels it a ‘Secure by Default’ process. To ensure that the initial systems themselves are as resilient as possible, those heading the design stage must understand and advocate for the importance of cyber security, and relay this message throughout the continued life-cycle process. The result of a Secure by Default approach is systems founded on a principle of security which can be maintained throughout the technology life-cycle. If security is built in, then these important and often confusing elements are not left up to the user.

The second stage of the technology life-cycle is the creation process. Progressing from design and moving onto the manufacture of technology also naturally involves people. The Secure by Default approach should be instilled here too, carrying security as a priority beyond design and into the creation of products. This will involve considering potential threats, whether malicious or accidental, and mitigating them. Often, the production of goods involves manufacturing taking place at different locations and by different suppliers. This increases the risk of insider attack or the introduction of gaps in security as the process involves more people. Consequently, these additional risks should be factored in, and considered adequately in the creation process.

After the creation of the product comes the testing, which is vital for the security of the end product. Here, the human element comes in the form of the creator acknowledging the need for meticulous testing. Even after good testing has been completed, the creator must then be willing to accept feedback and potential changes to the product. The effectiveness of testing also depends on the tester’s skills and commitment.

Eventually, the technology reaches its purpose in the use of the product. How we use our technology is important to the effectiveness of cyber security and the risks that we encounter. As much of the technology produced today is not made with the Secure by Default principles in mind, regular people are often unsure as to how to best protect themselves against cyber attack. Leaving cyber security down to the user is an unfair burden which can occasionally result in a security risk. However, this is the reality of most systems and technologies, meaning that the way in which users manage passwords and information plays a crucial role in cyber security. Further, threats from insiders which are accidental and non-malicious are real and frequent. Inadvertently, people may create a gap in security, perhaps through weak passwords or discussion of information in public, which leads to attackers finding a way in. 

Unfortunately, the use of the product is not always for good, leading to an alternate ending of the technology life-cycle: abuse. In the same way that humans are integral to the protection and prosperity of cyber security, they are also integral in the abuse and destruction of it. Abuse of technology can come in many forms, and may be carried out to gain information, money or assets, or perhaps for no reason at all.

After hopefully bypassing the abuse section of the life-cycle, the process culminates in destruction. Destruction of data must be carried out effectively where necessary, to ensure that information is not leaked or put into the wrong hands. Of course, people are again integral to this safe disposal of data. It is an inescapable truth that some people will have bad intentions when it comes to systems of technology, and they can take advantage of the destruction of data too. Malicious attackers may look to destroy important data, or exploit data which has not been destroyed properly.

It is clear that humans affect, and are affected by, cyber security, because humans create and use technology. People control the level of priority assigned to cyber security in the design and manufacturing process of technology. Day-to-day users of technology are too often given the overwhelming responsibility to protect their own information, as well as the information of companies and others, leaving cyber security down to almost every individual. Anyone can be a victim of a cyber attack, often unprovoked or untargeted, as collateral damage of a larger cyber crime. The vulnerability of everyone from the average person to global businesses means that cyber security and its human aspects should always be carefully considered.