Resilience starts at home: cyber-security as a private and public issue
Author: Marcela Guerrero Casas, EDP
Building cyber-resilience will require effective partnering across sectors and borders plus skills development to prevent future cyber-security threats.
Cyber-security is an increasing global threat, with 91% of respondents to the World Economic Forum’s (WEF) Global Security Outlook 2023 believing that a far-reaching, catastrophic cyber event is “at least somewhat likely in the next two years”. This presents a clear call to build cyber-resilience by increasing the skill base across the private and public sectors.
Digital technology and networks are everywhere, and as much a part of our infrastructure as roads and bridges. As our cities become ever more connected, our reliance on digital systems as well as vulnerability to cyber-attacks increases. In the last Futurecasting Cape Town webinar of 2022, speakers confirmed that this issue concerns everyone and that partnerships across sectors and geographical boundaries are essential to protect Cape Town against future cyber-threats.
Adaptive responses to increasing threats
As technology evolves, cyber-attacks will only increase. The City of Cape Town’s Executive Director for Future Planning & Resilience Gareth Morgan pointed out that cyber-security poses a major threat to cities and their ability to provide basic services, yet acknowledged that “we often don’t actively think about [it] until something bad happens.”
Standard Bank Group’s Information Security Executive Itumeleng Makgati highlighted that the best approach is a defensive strategy that presumes that attacks are inevitable. An adaptive, flexible approach results in more effective solutions and helps to create the environment and culture of agility essential for building cyber-resilience.
Adapting to such environments can take many forms, including flexible timetables and responding to threats as they arise – rather than relying on a set calendar for training and meetings – and incorporating cyber-security as a topic across all areas of operation, instead of viewing it as a separate issue or department.
The policy environment must also be responsive and adapt to emerging threats, which is often more difficult due to the slow nature of policy making. By taking the initiative in setting up their own systems before regulation is in place, the private sector and others could set a good example and create a virtuous cycle through peer pressure.
Cultivating trust to maximise collective action
Gabriella Razanno from Open Up pointed to the lack of trust across the public and private sectors as one of the reasons there isn’t greater collaboration, due to fears around what others might do with the information.
Given the nature of security, cementing trust is an arduous endeavour which must cut across sectors and even national boundaries. While this won’t happen overnight, Razanno pointed out: “the most successful organisations will embrace the complexity of cyber-security systems and recognise the connections with policy at national, provincial and local levels as an opportunity.”
Overall, the public sector would strongly benefit from advances in the better-resourced private sector. One solution would be to engage with higher education institutions to ensure a steady pipeline of talent and opportunities for internships and further training. Moreover, co-ordinated action between both sectors is crucial to protect vital infrastructure and services.
Improving skills at all levels
While highly technical skills are required to withstand cyber-attacks, the issue of cyber-security cuts across the entire organisation with skills required at all levels. Companies are eager to recruit people with the technical training and experience yet face a significant shortage of skilled workers.
Similarly, prioritising the issue across institutions requires shifts within leadership. Senior level executives need to incorporate practices that ensure such issues are dealt with ‘at the Board level’ so that decisions that affect the welfare of the entire company can be made.
Ultimately, however, it is about ensuring awareness amongst the entire work force. In 2008, the Pentagon faced one of the worst breaches of military computers seen in the US after staff picked up USB drives spread in the parking lot and plugged them into their computers. While this seems astounding, we are all at risk.
Remote working has turned people’s homes into mini-data centres which increases the risk for all organisations. Trust – and flexible approaches that recognise and adapt quickly to our connected world – across all levels of the organisation will be key for effective safeguards.
The Futurecasting Cape Town series is convened the City of Cape Town’s Resilience Department and hosted by the Western Cape Economic Development Partnership (EDP). To learn more and view all previous Futurecasting Cape Town webinars, visit here.