What Rhinos Can Teach Us About Security, Risk, and Compliance
Those involved in cybersecurity, risk, and compliance can learn a lot from rhinos. Rhinos and corporate organizations have no natural predators; instead, both are challenged by man-made threats that are driving them towards extinction.
Well, maybe in the case of corporations it isn’t extinction, but they are certainly threatened.
But what else do they have in common? What is it that we can learn from rhinos to lessen the threat to corporations?
Threatened by ‘Unnatural’ Predators
Rhino numbers have depleted rapidly. In just 100 years, we’ve lost around 90% of the population across Africa and Asia, driving the species to the brink of extinction. With no natural predators to blame, we must point the finger toward our own culpability.
Rhino habitats are being rapidly destroyed to make way for agriculture and products to serve our growing population, and rhino horns (which have no medical properties and are, in fact, made of keratin—the same material as your fingernails) are illegally poached and sold on the black market for more than the price of gold.
Corporations similarly have no ‘natural’ predators, yet they suffer significant damage every day. One report claims that 60% of small and midsized businesses that are hacked go out of business within six months.
Not a Placebo
Rhinos have a highly valued asset—their horns—that poachers covet and profit from. Today’s organizations similarly have their own highly valued asset—their data or, more appropriately, their customers’ data. Unlike rhino horns, which at best constitute a placebo in medical use, this data holds very real intrinsic value.
Consequently, corporate predators are growing in numbers and in sophistication. Organizations face threats from their own employees who might maliciously steal data from them, but they also face threats from external sources such as fraudsters, hacktivists, or state-sponsored attacks.
Earlier this month, a reported 100,000 private details were exposed in an attack on Westpac’s PayID system, and earlier this year tech giant Apple hit the news as some of its employees attempted to steal trade secrets. Recent history tells us that these attacks are on the rise, so it’s important that we look at how others have defended themselves.
Rhinos have been threatened by poachers for a long time, and this battle offers some clear lessons that we can apply to the corporate realm. Most importantly, any solution must be multifaceted and include people, process, and technology.
Helping Rhinos—a UK-based charity that aims to create awareness of the issues threatening the global rhino population and help protect them for future generations—supports projects successfully covering each of these three pillars.
A group of local community women called the Black Mambas has also helped dramatically reduce poaching in the reserves they operate and has provided education to local communities on the importance of sustainability. The charity also works with Ol Pejeta Conservancy, which is Africa's largest black rhino sanctuary and is driving the use of technology to help wildlife and agriculture integrate, thus reducing land pressures and providing a sustainable future to local farmers and rhinos as they are re-introduced into the wild.
Taking a Similar Approach
Organizations globally must adopt the same approach. It starts with people, and it is incumbent on all businesses to realize the importance of creating groups inside the business that are responsible for educating fellow employees as well as providing guidance and virtual ‘patrol’ behaviors until they become business as usual.
We need to strive towards a cyber culture inside the organization much like Lockheed Martin’s ‘The I Campaign’. This initiative was a great success that resulted in a 51% improvement in the volume of undesirable incidents in the business and encouraged a 10-fold increase in reporting on possible incidents.
It isn’t always about forcing people to do something; rather, it’s about putting in place processes that are supportive and reward secure behavior, and therefore enabling people to see the true value in behaving in a secure manner. People are our most critical asset in this fight against man-made predators in the cyber-realm.
Technology in Its Proper Place
Then we have technology, which is often wrongly seen as the most important element in tackling man-made cyberthreats. Technology must be a critical supporting mechanism to our people and our process, while providing further layers of defense.
The key is integration. Technology must not get in the way; it must be close to our users. In our first Nuix Black Report, endpoint technology was cited as the most difficult technology barrier for attackers to overcome. When this endpoint technology is behavior-based like Nuix Adaptive Security, it can help us block unknown attacks or prevent users making mistakes that could compromise security. It’s a perfect example of people and technology working together for better security.
Learn from the Rhinos
If organizations could learn just one thing from rhinos, it is the importance of sustainability. Projects must be well thought out with a view to the long term, but they must also encourage collaboration across various skill sets to implement solutions that are supportive rather than obstructive.
Growing our population of sustainable and secure businesses is essential, which I hope will create a future where being secure is at the heart of every business.
For more on this topic, I’ll be presenting at INTERPOL World 2019 in Singapore next week. I hope to see some of you there, either at the talk or visiting our booth #M13. There’s a lot to learn from the plight of rhinos for businesses, and I’d be happy to discuss it more with anyone at the show.