Stories: your organization’s best (evolutionary) defence against cybercrime
Blog posted by: Jerome Vincent, 25 October 2017.
Cybercrime is a lucrative business. And not just for the hackers. The figures of how much the cyber security market is worth – and will be worth – vary, but they’re all huge. It’s said that $75 billion was spent in 2015. That by it’ll be $155.4 billion in 2019. Maybe $231.94 billion by 2022. Any advance on $231.95 billion?
Apart from the fact that those forecasts seem way too precise, the figures hide a simple problem: organizations of all kinds are focusing too much time on technology. Cybercrime isn’t only a technical problem. Anti-virus software and elaborate technical defences can’t get around the simple fact that most cyber breaches are down to people making mistakes. Clicking on the wrong thing. Falling for social engineering. Being curious.
There’s little emotional context to organizational resilience. Sure, we worry about our personal devices – a little – but we’re still careless with how we access and share sensitive information. I know I am. I bet you are too.
Writing AXELOS' Whaling for Beginners
When I was asked to write a story about a man who fell for a ‘whaling’ attack (phishing targeted at a high-ranking executive) I imagined there would be a lot of stories in a similar vein. There weren’t. Most cyber security training for ordinary employees (i.e. non-IT people) was a series of do’s and don’ts and technical explanations that were either a little patronizing or too technical to be engaging.
I wrote Whaling for Beginners – a four-part series of short books, three of which have been published by AXELOS RESILIA™, with the last one forthcoming – to try and ground the whole issue of cyber resilience in human experience and emotion. All crime is, for the victim at least, emotional. Loss of goods or information hurts our egos, our very souls. We feel duped or stupid. We feel violated. That’s true of a burglary as well as a raid on your private data inside a computer or a device.
The importance of stories in cyber awareness training
But, stories are rarely used in the training that people get on the subject. There should be more of them. Not just because I tell stories, but because stories are what make us human. We spend our lives immersed in them: from our families, on TV, in newspapers, magazine and novels, and, increasingly online. We binge-watch Netflix series, we stream movies, download episodes of programmes we were too tired to watch the night before so we can catch-up with them on the commute into work... We never stop seeking out stories. And it’s not just entertainment. It gives us an evolutionary advantage.
Brian Boyd, Distinguished Professor in the Department of English at the University of Auckland, agrees with me. Well, I agree with him. His book, On the Origin of Stories: Evolution, Cognition and Fiction, shows how stories bring us together – think campfires on the savannah in prehistoric times – to form stronger groups that follow rules and mores inculcated by communal stories about good and evil. Stories are fundamental to way we learn – not just language but social relations and hierarchies, how to think through problems, what to do and what not to do, and how to face the world as we find it.
How telling stories can help fight cybercrime
All those elements make up most of the plots you can think of. Some people say there are only seven stories anyway. Stories rouse our emotions, teach us how to engage with people who want to help us, and those who threaten us as individuals, families or social groups.
Cybercrime touches on all those things. Even if we’re not that attached to the organization we work for, we understand that a threat to its wellbeing is, ultimately, a threat to ours. A story gets that across much more effectively than a memo or a PowerPoint presentation.
So, you can use evolution to help defend your business and empower your staff by telling them stories.
About Jerome Vincent
Jerome Vincent has been a script and copy writer for many years and has written widely about corporate technology issues for many of the world’s leading multinationals. He has also written copy and films for heritage sites and museums, including Hampton Court Palace, The House of Commons, and The Tower of London, amongst others.
Want to read the Whaling for Beginners series?
You can find out more about our first three books on our Whaling for Beginners page.
You can also visit AXELOS.com/resilia-frontline to download our free brochure with more information on our cyber security awareness training modules.
Latest News from
Creating specialist skills in the service management office20/12/2021 13:20:00
Blog posted by: Kirandeep Singh Kalra – Continual Service Improvement (CSI) Lead, 17 December 2021.
Organizational Change Management (OCM) – a tool for service managers16/12/2021 13:20:00
Blog posted by: Kevin Jones, Senior Advisor, Beyond20, 14 December 2021.
Service management now and in 2022: training and adapting to change07/12/2021 13:20:00
Blog posted by: Adam McCullough, Principal ITSM Architect, 07 December 2021.
Upskilling in projects and programmes the virtual way02/12/2021 13:20:00
Blog posted by: David Smallwood – Director, e-careers, 01 December 2021.
Service management now and in 2022: making digital transformation work01/12/2021 13:20:00
Blog posted by: Sophie Hussey, Head of Service Management, Lowell, November 30, 2021.
Service management now and in 2022: fewer baby steps to transformation30/11/2021 10:20:00
Blog posted by: Chris Gallacher – principal consultant, Forrester Research and contributing author to ITIL 4 Digital and IT Strategy, 26 November 2021.
Project and programme management now and in 2022: a resilient approach29/11/2021 13:20:00
Blog posted by: Martin Stretton, Transformation Programme Director, NFER, 25 November 2021.
Service management now and in 2022: switching on the lightbulb25/11/2021 13:20:00
Blog posted by: Jonathan Wafford, Global Service Delivery Lead, Capgemini Government Solutions, 23 November 2021.