Interview with Graham Mann
Email interview held on 1st November 2017 – as follows between Alan Radley (questioner) and Graham Mann (relator):
- What are your thoughts on the current state of cybersecurity, both for organizations and for consumers?
- For organisations it’s clear that they have not understood the threat from cyber attacks and continue to underinvest in protective measures, but the problems are much deeper than this. The issues relating to cyber attacks will not be solved until organisations have addressed their strategy in regard to digital assets in general. This is not simply solved by employing more security people, nor by buying additional security devices; it requires a fundamental rethink on how they deal with [their] data. Let’s look at the wider environment in which organisations operate: There are insufficient security professionals in the world; there are literally thousands of security solutions, far too many for the vast majority of organisations to track; managed security services could be the answer but many of these providers are not delivering an acceptable service; attackers are better funded, have access to both tools and resources, and operate with impunity; the impact of attacks is felt mostly by individuals whose data/identity has been stolen, not the organisation with whom their data was entrusted; there is no real global body able to combat the attackers. Billions are spent on cyber security every year and the number increases exponentially, yet the scourge of cyber attacks is worse now than it’s ever been.
- For consumers it’s even worse. They are subjected to data and identity loss through no fault of their own and with little chance of suitable recompense. They are forced or enticed to adopt technology that leaves them fundamentally exposed to cyber attack, be it emails, social media, ecommerce, banking, mobile phones, IoT devices, etc. There is a singular lack of security knowledge amongst ordinary people, leaving them exposed to criminal gangs, who are experts in their art. Governments and other bodies try to provide assistance but it’s mainly in vain.
- What – in your estimation – are the reasons behind the many computer security breaches/failures that we see today?
- The answer is a cocktail of issues:
  - Lack of support from the top, often because of a misplaced risk appetite either based on a fundamental misunderstanding of the problem or a myopic view of life
  - Too few security professionals
  - A communication chasm between the security team(s) and the “c” suite
  - Poor security strategies
  - A misplaced reliance on individual security solutions/devices
  - Managed security service providers that are unable to detect sophisticated attacks
  - A lack of end-to-end security management solutions to support organisations’ efforts to become more secure
  - Too many security solutions and vendors making it difficult to see the wood from the trees
  - Lack of governance with the teeth and resources to protect the consumer/employee
  - Increasing pace of technology in an ever more connected world
  - The attractiveness of using cyber attacks for criminal gain
  - Cutting-edge attack tools developed by governments for cyber warfare that find their way into the hands of criminals
  - An Internet that has become akin to the wild west, where you can’t be sure of anything except you are likely to be duped at some point
  - The convergence of physical and logical security is very slow
  - Manufacturers, software companies, ecommerce, etc., pay little consideration to security
- Where do you go to find your “science” of cybersecurity?
- The Internet at large
- Do you recommend a particular cybersecurity blog that our readers could follow?
- Bruce [Schneier] is always a great source, as is Stu from KnowBe4, but I tend to seek out specific information on topics rather than to focus on a few bloggers.
- What keeps you up at night in the context of the cyber environment that the world finds itself in?
- Although I personally don’t have problems sleeping, I worry about where this might all end up. There needs to be some fundamental changes, but I don’t see them happening. More security products clearly aren’t the answer, yet VCs clamour over themselves to invest in yet another great solution when we already have 100 other similar solutions. Not enough people are entering the security profession. Few organisations are embracing digital risk in a way that would help to turn the tide against cyber crimes. I could go on but I hope I have made my point.
Thank you kindly Graham Mann for taking the time out of what must be a busy schedule to answer our questions in such a salient way.
Interviewee: Graham Mann,
CyberSpace Defence Ltd.
Graham Mann – Biography
What drives me is an insatiable appetite for working with clients to protect their business from the ever-changing risks of doing business in a connected world. Digital assets in all types of organisations across the world are being stolen daily through the explosion in cyber-crime. In contrast to this, there are now many 1000s of security products available, from 1000s of vendors, but we are inherently more insecure. There are some 400 IAM products to choose from but few can name more than a handful; do we really need more? There are more than 100 security analytics companies sprung up in the past couple of years but we are oblivious to them.
My personal view of the problems surrounding our current cyber security situation is that they are multi-faceted but it comes down to one thing: a lack of end-to-end security management. CyberSpace Defence Ltd was created to solve this issue. We must make everyone’s life easier through automation and by providing easy access to cyber security solutions.
My passion is in making a significant contribution to the overall cyber health of organisations worldwide. This will be achieved through education and the understanding that everyone has a security responsibility. Our boards must become more knowledgeable and orchestrate top-down reforms to how we manage our digital assets. They must do more to safeguard the data that they are custodians of from the proliferation of innumerable attacks, whether cyber-borne or internally orchestrated.
Specialisms: Enterprise and corporate sales management; Channel strategy, management and development; Strategic marketing, direct marketing, business development; Strategic alliances; Business start-up; market development; Information [cyber] Security; EMEA management experience; and Training.