Cyber-attacks are becoming more and more frequent, but recent developments suggest that a potential solution rests in accountability.
With the advancement of technology, it is a growing reality that nothing in the digital world is immune to cyber threats. These threats may come from hackers, terrorists, foreign governments, business rivals, or maybe even unhappy customers.
Confidentiality, Integrity, and Availability (CIA) are the basic principles of the Information Security Triad. These tenets are defined by the International Organization for Standardization (ISO) standards. Almost all cyber threats target these qualities of organizational data.
Unfortunately, the big data collected by many organizations and agencies rests on a multitude of databases. These databases are mostly managed by third parties. As a result, the data is more prone to cyber theft.
According to a report, people are more likely to experience a data breach than to catch the flu. The former has a chance of 27.9%, while the latter stands between 5% and 20%. The report further suggests that the total cost, per-capita cost, and average size of a data breach have all increased over the years. The average total cost of a breach is about $2.2 million for almost 10,000 compromised records. It reaches $6.9 million for more than 50,000 records.
Furthermore, a mega breach can cost up to a whopping $39.49 million. These figures show how costly it can be for organizations to lose data.
Open Source is more Vulnerable to Cyber-Attacks
As more and more organizations shift to open source, more problems are arising. About 75% of open-source codebases had at least one public vulnerability, as per the 5th edition of Synopsys’ Open Source Security and Risk Analysis (OSSRA) report.
Less common cyber crimes like zero-day vulnerabilities are also increasing. A zero-day vulnerability is a threat that ignores the user and exploits application attributes to create a security breach.
This makes it clear that, no matter how many layers are designed for security, they are simply not enough to roll back the threats. However, the power of accountability might be an answer to all these threats.
How Can Accountability Help in Tackling Cyber-Attacks?
Accountability means an obligation to accept responsibility and account for one’s actions. With increasing cyber thefts, organizations are shifting their focus more towards threat detection followed by threat prevention, response, and mitigation. This shift creates the need for accountability to further tackle cyber-attacks.
This is where John G. Miller’s Question Behind Question (QBQ) tool comes into play.
QBQ focuses on asking the right questions, which can help in effective thinking and acting following a cybersecurity breach. Miller suggests that instead of “Why”, “When”, or “Who” questions, we should be asking questions with “What” and “How”. Miller says that the first type promotes a victim-blaming and procrastinating mentality, while the latter type promotes an open-minded, change-embracing approach.
Miller has also suggested advantage principles which focus on personal accountability. He thinks that organizations are in need of such principles, which include learning, ownership, creativity, service, and trust, along with strategic questioning.
Miller’s Advantage Principles
The principle of learning aims to build knowledge and intellectual growth. Learning QBQs might be:
- “What can I do to keep my database secure?”
- “How can I apply key cybersecurity measures?”
The principle of ownership is about addressing cyber threats immediately and strategically. For example:
- “How can I help to address cyber threats?”
- “How can I contribute to security solutions?”
The principle of creativity helps users and organizations to find innovative ways of working. This contributes positively to addressing cyber attacks. Sample QBQs can be:
- “What strategy and plan do I have to prevent a security breach?”
- “What steps can I take to move forward?”
The principle of service is based on the core Air Force value of “service before self”. QBQs for this can be:
- “What can I do to understand others’ cybersecurity needs?”
- “How can I serve the team by adhering to cyber threat policies?”
Lastly, there is the principle of trust, whose advantage is the continuation of service. Sample QBQs for this principle can be:
- “How can I enhance the organization’s efforts in cybersecurity?”
- “How can I campaign for cybersecurity while building a relationship with my colleagues in the organization?”
Moreover, these principles and questions can help users and organizations a lot. If users and organizations incorporate this approach in their work, then they can protect their information. They will also support the goals and objectives of their organization. As a result, a stronger sense of responsibility can be observed in the working environment.
Overall, this ensures that cybercrimes can be tackled easily. However, innovative methods are needed to fight cyberattacks in the world.