Time to Lead
For many in the cybersecurity industry the recent WannaCry ransomware global outbreak was, loathe as they might be to admit it too loudly, in some respects just what they had been waiting for. Not as has been suggested because of the opportunities it presents for making money, but because there has been a feeling in the industry for a while now that the ‘cyber’ issue was gaining publicity but no real transformative traction.
As Kris Hagerman, chief executive of security firm Sophos, said: “It is sort of a worldwide wake-up call, that we have to really redouble our efforts to get the basics right in security.” So will we all do so – is there a global wake-up, a call to arms, an alarm ringing in every cabinet office and boardroom in every country? These and similar sentiments filled the media recently as health services, delivery firms, banks, individuals and more fell victim.
But an argument can be made that such a call to arms is not going to help much and may in fact cause many more problems than it solves. This argument is rooted in the approach to cybersecurity taken to date – which indeed arguably led to the success of WannaCry in the first place – and even the approach taken in the immediate aftermath of the attacks. In other words, if this is a call to arms there is a significant danger that it is simply a call for more of the same, when an altogether different approach is urgently required. That this is true beyond individual organisations – meaning among governments and policymakers too – makes it even more pressing.