The Cyber Security Network Effect of Engaged Employees and Customers
By Paul Norton - Article on November 01, 2017
- Cyber Security
The scale, sophistication and frequency of cyber-attacks against Federal agencies continue to increase. With scarce resources always at a premium, are agencies engaging employees and customers as a cyber defense force multiplier?
Asked to do more with less, agencies are getting better at using the tools available to enhance cyber security and implement innovative approaches to address ongoing cyber risks. For example, in a recent article in Army Times, Major General Patricia Frost, who leads the Army Cyber Directorate at the Pentagon, said:
“Every soldier knows ‘I have to fire my weapon.’ Does every soldier realize that they’re the first line of defense in cyberspace? Between what you have at your work station or your warfighting platform, your iPhone or your Blackberry or all these end-point devices, the adversary only has to have one vector in.”
The Army needs a strong and capable cyber mission force, but responsibility for cyber defense belongs to all soldiers, she said.
This approach is very similar to one that leading consumer, financial, and health care organizations have implemented to generate a network effect: millions of consumers are engaged as the first line of defense against cyber attacks and fraud, and help protect the individual's financial and medical records.
The network increases in value incrementally with every transaction analyzed, approved, or questioned by an engaged employee or customer. As transactions and participation increase, critical mass is achieved and the output becomes increasingly valuable to both the enterprise and individuals.
For example, a customer may flag a suspicious transaction that, upon further review, is identified as a fraud attempt. Thanks to that customer, the enterprise’s analytics platform can learn from that one transaction and adapt defenses to cover the entire customer set. With millions of employees and tens of millions of customers, Federal agencies have a force multiplier readily available. By engaging the soldier, employee or customer, cyber security and program integrity can be enhanced by doing more with more.
If you’ve ever watched a detective show, you know a murder suspect must have a motive, a means, and an opportunity to commit the crime. If we think about ransomware (malware that holds computers or data hostage), every cyber criminal on the planet has all three. As we discussed in our first article in this series, hackers can make millions of dollars off a single strain of ransomware, so the financial motive is strong.