Hackers are human too

When you get right down to it – past the phishers and the firewalls, cybersecurity is a human industry.

Its victims are human, its culprits are human, its unwitting accomplices are human and it’s sustained by appealing to an eminently human instinct. Namely, fear of the unknown.

Frankly, the way some of the big players talk about their business doesn’t help matters. In fact, they often – perhaps even deliberately – stoke the very fears they’re apparently seeking to allay.

Many of the industry’s household names sport sensational straplines that almost conjure up images of an Avengers-style war against dastardly comic book villains hell-bent on poisoning the world’s water supply or opening space portals to malevolent realms.

The reality is far less Hollywood. And far more human.

According to Verizon’s 2016 Data Breach Investigations Report, the leading cause of reported data breaches were simple errors committed by people inside organisations. Moreover, in 63 per cent of ‘confirmed’ breaches, attackers simply took advantage of weak or default passwords, or nabbed them in phishing attacks.

The ‘cyber’ in cybersecurity suggests an alarmingly sophisticated threat. And in many ways it is. Certainly, the tools have evolved beyond fences and locks, hammers and crowbars.

But, rather like burglars testing unlocked doors or windows left ajar, today’s hackers are still predominantly pouncing on human error.

After all, hackers are humans too.

They may be more professional and more organised than ever. They may even be part of consciously dehumanised organisations like Anonymous. But, ultimately, they’re people with decidedly human aims and motivations.

So how can cybersecurity firms – particularly small or new ones – humanise themselves?

Here are three ways:

  • Be positive. There are too many scaremongers around. So ditch the language of fear. Embrace the language of trust.
  • Be credible. In a market of megalomaniacs promising to ‘save the world’, a little understated confidence (and realism) will go a long way.
  • And above all – yep, you guessed it, be human. Cybercrime doesn’t care who it affects, so you should. Show you understand clients’ concerns and provide tailored solutions and advice rather than one-size-fits-all packages.

It may not be glamorous. And it probably won’t inspire a blockbuster movie franchise. But to the 74 per cent of SMEs reporting a breach in the last year, it might just be a breath of fresh air.