How can organisations understand the causes of cyber attacks?


PhD student Clare Patterson talks to Dell Technologies on their Need to Know podcast about how organisations can learn to understand incident causation and the underlying causes of a cyber attack.

Listen to the full podcast on Spotify

Clare gained a Master's in Information Security in the 1990s, when the organisations principally interested in cyber security were the military and banks. Over the last 30 years, she has worked as a consultant and then in industry, and last year she decided to take time out to study for a postgraduate degree in Cyber Security at the University of Kent. Her research focuses on how organisations can learn more from cyber security incidents.

The Need to Know series invites leading cyber security specialists and experts to probe into issues and share best practices to combat current and emerging cyber security threats. On this episode of the podcast, Clare talks about her current research into how organisations learn from incidents.

This episode covers the common causes of cyber incidents, which arise where organisations are under significant pressure to deliver more at lower cost, with over-stretched teams. Although employees try their best, they are often being pushed to deliver more with constrained resources. It can be tempting for practitioners to be enticed by an illusion of ‘paradise by prevention’, where you have full compliance and full control. However, requiring complete reliability from people and systems isn’t realistic in the world that we operate within. When it is understood that incidents are enabled by flaws in the overall ecosystem, rather than simply caused by one faulty component, organisations can tackle the underlying causes to become more resilient. Good learning from incidents needs leaders who involve the right people and set the right approach to learning.