02 August 2022

Have you ever taken time to consider what makes you feel safe? Partially, it is about the safeguards that you put in place yourself, the locks on the doors, the alarms and other security devices. Wrapped around this there are the defences that society provides; the police force, the rule of law and even the armed forces & security services.  But, is that what really makes you feel safe?

Feeling safe is a state of mind rather than just the physical thing. A lock on a car defines a boundary, but you can still break a window. A police force provides protection but they have to be in the right place at the right time. A government can define laws but they are not always good ones from everyone’s perspective. What actually makes you feel safe is a commonality of principles and community – let me explain…

You feel safe because you understand the people around you and you know they share the same view of right and wrong. This goes for the people in your street, your family and friends, right the way up to the authorities that govern you and the jurisdiction in which you live. In a small jurisdiction like the Isle of Man all these things are very compressed as the Government is very much part of the community, full of people you really do know as friends, neighbours and acquaintances. You feel safer when these people are closer and better known to you, and you feel there is no possibility of you being outnumbered or overpowered. Hence, why you feel inherently safer living in a village than in a big city, in a small jurisdiction rather than a big one, despite the fact that in the larger jurisdiction, there are more protective resources that can be mustered in a time of crisis.

The global village

So, let’s add a different dimension to this, that of the global village that we call the Internet. In this world we are within a vast unknown city on a daily basis. However, we often look upon certain areas that we frequent, such as Facebook or Twitter, as cosy little rooms filled with friends. In fact, they are often not closed at all and you may not know the true identity of the people you are conversing with. The equivalent in the physical world would be shouting at your friends in the house with all the windows open and then inviting someone in that you had never met before, wearing a mask and a home-made name tag. What is even more daunting is that, in the electronic world, once you put content up there it’s almost impossible to take it back. ‘What happens on the internet stays on the internet – forever’.

Similarly, consider even more simple things like email. Anyone around the world can find out your physical address and send you junk mail, but it costs them money to do that and certain things would be filtered out by your friendly postman – certainly the flaming envelope is unlikely to get to your door let alone through it. However email, where addresses are simpler to find, free to send in vast quantities, and can easily contain the equivalent of the flaming envelope, or worse, convince you of a legitimate reason to do something detrimental in the real world.

So what is the point that I am trying to make? Fundamentally, we have opened up our lives, work, and indeed wellbeing, to a world of strangers about whom we have no real knowledge. We are in a situation which, if it were a physical space with tangible people, we would be concerned and alarmed. Yet in the cyber-world we don’t see the threat, possibly because we are not really seeing past the physical environment that is the relationship between us and our PC or mobile phone. This needs to change.

Physical and cyber worlds meet – how security affects business

In business it is becoming increasingly important to protect digital assets because the threats actually go beyond personal financial threats such as stealing credit card details, or impersonating an individual or what may have been romantically termed in the past as ‘industrial espionage’. Our lives are dominated by sophisticated systems that are all vulnerable to attack not for profit motives but for those of disruption or even terrorism. Consider what would happen if public utilities were subject to a hack and all the electricity turned off (and this is possible). Consider how many things would not work if the communications were disrupted, this would affect the private networks that service ATM’s, Point of Sale Machines, online banking, mobile phones and the internet itself

This is the threat of the modern age and we all have a part to play in defending against it. In companies, particularly SME’s in small jurisdictions, we compound this false sense of security by thinking that we are too small or distant for anyone to bother with. The fact is that scale is no longer an aim of many of the groups that are now hacking organisations. Hackers are hired by states to be disruptive or to find out information about specific people or to accumulate lots of little bits of information from different sources to stitch together a picture. Hackers sponsored to do things like this no longer need to fund their activities by stealing money, they can take their time over their tasks while fully funded as a ‘job’ or ‘contract’. Perversely, this makes the Offshore environment even more vulnerable as more valuable snippets of information may be available in these locations as opposed to the scale that exists elsewhere.

Collective responsibility to safeguard data 

It is a fact that, with persistence, aided by the lack of a need to directly monetise activity as quickly as possible, that every organisation is vulnerable in some way to hacking. Therefore, when we talk about systemic risk and threats to society, then much like we would think about our place in stopping someone from stealing a bag in the street from an old lady, we need to think of the part that we play in defending the good within the digital realm by attitude and collective response. Everyone has a part to play in this.

This all starts with the simple things. Children need to be better educated as to cause and effect, risks and responsibilities in the digital worlds that they inhabit, and become participants in policing those spaces. Society as a whole needs to become more digitally aware through its generations. The faster this happens, the better the position to capitalise on the benefits that the Internet provides, whilst fully understanding risks and knowing how to deal with them.  So, as the individual moves forward positively, so does the jurisdiction and economy around them. This may seem like an exaggeration, but defining the strategy in this area is now an imperative for a modern society and that is the new challenge to us all.