Cybersecurity: Fighting the wrong battle with the wrong weapons
The technology industry is going about cybercrime the wrong way, according to Nuix senior VP Chris Pogue.
In a new whitepaper, Pogue says the cyber security industry has been "fighting the wrong battle with the wrong weapons" for the last 20 years. He says in order for technology to fight cybercrime and insider threats effectively, it must first solve human vulnerabilities.
"In the more than 2500 data breaches I have investigated, I can count exactly zero that were caused by non-human-initiated system failure," Pogue says. "Like it or not, people are the problem."
Pogue is Nuix's senior vice president for Cyber Threat Analysis.
The whitepaper examines five cognitive biases—"bugs in our brain software"—that cause people to make poor decisions. It examines how other industries have learned to deal with these biases by concentrating on changing human behaviour, and applies these lessons to the fight against cybercrime.
Pogue is visiting Australia this week to meet with government, law enforcement, and business leaders. As well as launching the whitepaper, Pogue will demonstrate the soon-to-be-released Nuix Insight product line. These products will provide an integrated approach to cybersecurity threat prevention, detection, investigation, response, and remediation.
"Our focus with Nuix Insight technology is to reduce the number of human decision points, thereby dramatically reducing the opportunity for mistakes and failure," says Pogue. "To do this we've baked into the products decades of experience from experts in incident response, malware reverse engineering, threat intelligence, data analysis, insider threats, and digital forensics.
The whitepaper includes a strategic battle plan and practical action plan for organisations to focus on using technology, people, and processes to address the people problems of cybersecurity.
"Do we have what it takes to outsmart our own brains and stop ourselves from repeating the mistakes of the past?" asks Pogue.
"Hopefully we can set ourselves up for the next 20 years, get serious about security, address the real human vulnerability, and start reclaiming surrendered ground," he says.