Crossing the road

Last week I spoke for Jersey Cyber Security Centre ( CERT.JE) about the changing threats facing us — from the very active offensive cyber campaign forming part of the war in Ukraine, to the emerging threat from AI tools that can be used for harm as well as for good.

But the important part of my comments was to show that whilst these cyber threats are real, there are sensible steps we can take to respond — we do not have to bury our heads in the sand and hope for the best.

I made the analogy of crossing a road safely. We do basic things like looking left and right consistently and well. We don’t make pedestrians wear crash helmets, reduce speed limits to 5mph, or ban people from leaving the house.

However, we also do the basics every time, not most of the time. Look left and right only 99% of the time and you will eventually be hit by a car. Not maybe — definitely.

So when we talk about basic controls — two factor authentication, rapid patching, only running supported systems, basic assurance like The IASME Consortium and the UK Government’s Cyber Essentials Plus Scheme — these are not optional, nice to have or aspirational. We can’t opt one system out because it’s difficult, inconvenient, or the CEO’s pet project. This is basic hygiene that that we can’t afford to get wrong.