If you search the internet for the first example of hacking, you’ll come across the name of Nevil Maskelyne.
He was an Edwardian magician, inventor and businessman.
In 1903, he hacked into Guglielmo Marconi’s demonstration of his new radio technology and used the signal to broadcast his own message, undermining Marconi’s claim to offer secure communications in the process. Maskelyne’s 117-year-old hack demonstrates three things.
The first is that technology is never 100% safe. The second is that, despite Marconi’s confidence in his invention, someone was able to manipulate it. And the third I’ll reveal later in this post.
We’re hardwired to behave in certain ways
It will come as no surprise that psychology plays a large part in cyber security. If you give someone the choice between convenience and security, they’ll choose the former. Present them with a long list of T&Cs to sign and they’ll do it without thinking. Put controls in place to make online purchases secure, and they’ll chafe and go somewhere else.
Does that make people wrong?
No. It just shows that we’re all human, creatures of habit with irrationality designed in. And understanding that humans are vulnerable is our key defence.
I appreciate that isn’t new information to anyone working in cyber security. We all know that breaches are more likely to come from within our organisations, whether that’s someone clicking on an infected link or someone else falling prey to phishers.
But human vulnerability also covers something else. Which brings us back to the third thing that we can learn from Maskelyne and Marconi.
I’m an expert, follow me
Marconi was an undoubted expert. History tells us that Maskelyne was an entertainer, although for a time he also managed the Anglo-American Telegraph Company.
Now, humans are built to believe experts. We expect them to keep us safe. And we have that expectation regardless of the circumstances in which they are operating: they may lack vital resources, have systems that don’t talk to each other as they should, or report to a Board that’s focused on other priorities.
Put simply, we forget that experts are human too.
Looking closer for security gaps
At Capita we use that insight – that we’re all human – to drive all of our security work, whether that’s developing and managing standards like ITIL, PRINCE2 or Resilia (through AXELOS, our joint venture with the Cabinet Office), delivering real-time defences via our two global security operations centres, or the extensive pen testing and consultancy that we deliver to the private and public sectors.
That knowledge means we look a little deeper to find the gaps that attacks can exploit. Can we remove human vulnerability from organisations? Hardly, but you can manage it. There are a number of ways that we do that, and part of it involves automation.
Automatic for the people
Anyone who works in IT security knows that automation isn’t a silver bullet. But technologies like machine learning can certainly help when it comes to reacting to alerts, sorting through logs or identifying false positives. Automation can’t help you answer the question ‘who should I trust?’ but it can flag the issue more quickly than having someone wade through every report of suspicious network activity.
Only people can answer the question about trust. But haven’t I just spent this blog post telling you that humans are vulnerable? Indeed, that’s why the best security isn’t only about protecting people but also about understanding them.