Industry Spotlight: Cyber Security Best Practices from Sky
Cyber security technology has developed greatly over the past few years, with the introduction of advanced technologies such as automation, machine learning solutions, and big data analytics, making organisations’ cyber security strategies and solution infrastructures more sophisticated year on year.
Nevertheless, organisations shouldn’t rely on technology alone when considering how to build upon and improve their cyber security practices. Ryan Duplessis, Head of Cyber Security Engineering & Oversight at Sky, shares some insight into how he approaches cyber security, and why people are an integral pillar to establishing a strong and future-proofed cybersecurity strategy that should work alongside your tools.
What are some key cyber security challenges?
“One of the biggest challenges for anyone building a cyber security strategy will always be human nature.
People are always the most fallible part of a security system because we’re more susceptible targets. Whether it’s malicious or unintentional, our behaviour can’t be entirely monitored and controlled, so issues are bound to slip in. The fact that phishing and social security are some of the most common types of attack prove this. Plus, the scams that target people are becoming more sophisticated year on year. They’re harder to spot and much easier to fall for.
Ultimately, this means that even though we can create sophisticated network security, data security, end-point security, and more, we can never truly secure our people. What we can do – and how I approach this issue – is to focus on building more cohesive security platforms that enable people to keep doing their jobs, and to do it safely.”
“Another issue the industry as a whole is facing is the shortage of skilled people in cyber and cyber security.
No matter how much technology develops, or how much automation is implemented, a good team is essential to get the most of out the tools you have. Investing in your people can help you mature and make sure your security processes run as smoothly as possible.
Diversity is crucial when building a well-rounded team who can effectively solve problems and approach novel challenges. Styles of critical thinking are developed over decades, shaped by age, experiences, background, previous employment, and more. Having a variety of unique perspectives within one team inevitably produces unanticipated ideas and, overall, more elegant solutions that couldn’t have come from a team of people who have the same skill sets.
Consistent training and learning should also be a priority and can help your team and your business grow.”
What have been the biggest focuses for your cyber security strategy?
“For me there are three main focuses that shape our strategies; figuring out how to protect people, data, and technology.
Throughout my career I’ve always tried to keep a balance of technical and management roles. From starting off in a mechanical engineering role to now working as Head of Cyber Security Engineering & Oversight, I think it’s extremely important to embrace a balance between technical and high-level considerations.
This integration of knowledge will be extremely important when inorganic or unexpected security breaches happen. That’s because issues caused by humans are much harder to predict, much more complex to diagnose, and are potentially the most damaging threats to organisational security. In these scenarios you can’t always rely on your tools for the answer; you need to be able to interpret technological problems as well as human behaviour to draw your own conclusions.”
What is especially important for cyber security in this field?
“Our challenges aren’t unique, from data hygiene to automation, there are similar struggles being felt across industries. While the details of different cyber security practices may be tailored to your specific business and concerns, the overarching themes remain the same, and finding the right people is an area where many organisations experience difficulty.”
What would be your ‘best practice’ advice?
“As technology keeping advancing, and the skill shortage becomes more prevalent, it’s increasingly necessary for businesses to make their tools and systems easier to use. Incredibly technical tools require technically trained people to operate, which greatly restricts the hiring pool.
By simplifying the user experience, this barrier can be overcome by introducing a broader access point and reducing the amount of training or education needed. It’s time for cyber security to mimic user-focused industries, like Smart Phones; technology which performs complex tasks in the background but are really simple to use.
There’s also so much more to learn from industries that have been established for a long time, who have been developing and maturing their cyber security practices for decades.”