HomeNewsWhat is it that puts people off cyber security?
This article was written and provided to the Scottish Business Resilience Centre by Robbie Ross, Chief Security Officer at Converged Communication Solutions.
The American businessman and philanthropist Warren Buffett once said, “I don’t know that much about cyber, but I do think that’s the number one problem with mankind.” If that is the case, why are so many people put off by cybersecurity? In my experience it’s a belief that it’s too complicated, it costs too much money or it’s something that they do not need to worry about. Unfortunately, when people have those beliefs, it can be very difficult to get them to change their mind.
If you work in IT, then you understand the importance of cyber security. The same can be said for those that have experienced a breach and it’s a safe bet to assume they wish they hadn’t been put off security in the first place. However, these are not the people that still need to be convinced. It’s the sole trader, micro and small business owners who have no IT experience at all that need to take steps to secure their business. So how do we get them onboard?
I’m showing my age here but when I first started working at Grampian Police in 1998, we did use computers, but not for everything. There was still a lot of paperwork flying about between departments. I would hazard a guess that no one knew what cyber security was. That was the case for me for the first 10 years I worked there.
It wasn’t until I became a Counter Terrorism Security Advisor (CTSA) that I started to learn more about cyber security. The role of a CTSA is to provide protective and counter terrorism security advice to all businesses, both public and private. I found myself engaging with a whole host of organisations from energy firms and laboratories to shopping centres and companies that provide vital functions to the running of the UK.
However, as important as physical security is, I realised that the expensive CCTV system could be taken out by a phishing email and some malware, and you could bypass the security gate by having someone pick up a random USB stick, walk past security and plug it into a networked computer.
It was clear that cyber security had to be considered as part of a holistic approach to security. But what did I know about cyber security? I didn’t have a degree in IT, computer science, or ethical hacking. That was when I learned that being cyber secure was about more than just processes and technology.
My last job within Police Scotland was with the Cybercrime Prevention Unit where I worked with businesses, public sector organisations, charities and schools delivering cybercrime security information. I travelled thousands of miles across Scotland speaking to as many people as I could, and my main objective was to influence the behaviour of both individuals and businesses to improve their resilience in tackling the threat of cybercrime. I even won the Police Scotland Police Staff Member of the Year award.
When I joined Converged Communications Solutions in the summer of 2020 the company were on their own mission to educate. You could argue they took a risk when they employed me as Chief Security Officer because I don’t fit the typical profile. So why did they?
When I saw the then CEO of the National Cyber Security Centre, Ciaran Martin, speak at the Scottish Police College in November 2018, he said that businesses need to stop seeing cyber security as “techie” and “geeky” and he is right. But for businesses to not see it as such, we need to employ people who can demonstrate this, and that comes from embracing people from all sorts of backgrounds and experiences. I guess that is where I fitted the bill.
So back to that question I posed earlier. How do we get the sole trader, micro or SME business onside? As technology continues to seep into all areas of business, the scope of the cyber security industry has grown exponentially, and the result is a need for greater transferrable skills. Clearly there are many roles that require a technical capability, but as important is the ability to communicate clearly, listen, problem solve, resolve conflict, and never underestimate the importance of a positive attitude.
My job is not to seek out the people who understand and embrace cyber security, but to find the person who hasn’t yet started on their cyber journey. The people who are still, for whatever reason, put off. The way to do that is not to baffle them with technical terms and overly complex, superfluous details, but to explain in a simple way that cybersecurity does matter to them and that it doesn’t have to be complicated or expensive.
My career took many different paths, and despite not having the “traditional” background for someone in my role, I have been welcomed into the industry. I want to tell others that anyone can work in cybersecurity. The majority of people I speak to day-to-day are not interested in the technical aspects of cyber security. In fact, many of them have found themselves in a similar situation to me where cybersecurity, data protection or cyber training responsibilities have been added to their job spec. And as cyber security is everyone’s responsibility this is no bad thing.
I want to educate, change misperceptions and break down barriers so that organisations can be more cyber confident but also to encourage more diverse people into the industry.
Presenting with TechFest in Feb 2021
Talking about my career for Aberdeen City senior pupils
About Robbie
Robbie Ross is Chief Security Officer at Converged Communication Solutions. Robbie joined Converged in 2020 after 22 years with Grampian Police and then Police Scotland, most recently in their Cybercrime Prevention Unit.
He is passionate about simplifying cyber security for public and private sector businesses, charities, and the general public.
He brings a wealth of experience gained from his time as a Counter Terrorism Security Advisor (CTSA), where he provided security advice to sites that may be vulnerable to terrorist attack. Over a 10-year career as a CTSA, Robbie trained in specialities such as site surveying, integrated security systems, information and personnel security, working with private and public partners, including government departments, on large-scale new builds and events.
Combining his knowledge and passion for cyber security, with the extensive technical skills of his team, Robbie provides organisations with comprehensive security overviews and recommendations for increased resilience.
Cyber Security Awareness Month – Get Involved and Stay Safe October is Cyber Security Awareness Month, and the Cyber and Fraud Centre Scotland is here…
In recent weeks, the Cyber and Fraud Centre has hosted two successful events as part of our Cyber Executive Education Programme—one in Belfast and one…