Cybersecurity has an observability problem

It is a curious thing to watch my daughter use technology. It’s apparent that we’re not only creatures of habit – monkey see, monkey do – but we’re also creatures with an innate sense of what may hurt us, and what won’t.

Modern technology upends our innate sense of risk – we’re not wired to intuitively “feel it”. Put another way, cyber risk has an observability problem. The stats are there to back me up: every year cyber-criminals scam consumers (and businesses) out of millions of dollars – a quick Google search will reveal the numbers.

There is a very real human toll to all of this; as a society, it’s holding us back.

Cybersecurity needs more chainsaws!

Put a chainsaw into the hands of an average person and they’ll instinctively know the risks – cybersecurity needs to elicit a similar response.

Well, maybe not actual chainsaws, but we need a way to elicit that same ‘gut feel’ in people.

Chainsaws, just like computers, are incredibly powerful tools – they are a force multiplier that brings about huge productivity gains, but they are also a tool that can cause great harm. Place a chainsaw in the hands of most, and straight away they’ll intuitively understand the potential risk. Their eyes will be drawn to a long bar ringed with teeth, teeth that are designed to rip away at whatever they happen to fall upon. They’ll note the chainsaw’s handles and instinctively understand how this tool is meant to be wielded – long story short, this tool means business!

Regardless of whether someone has used a chainsaw before, most will be able to make that intuitive leap and envisage the potential risks. The cyber realm has risks that can be just as harmful as those of a chainsaw, yet many cannot make this same intuitive leap.

Why? Is it because of the overly complex, non-standardised, and at times, intentionally convoluted interfaces we’re forced to navigate? Or perhaps it’s the inefficient security workflows imposed by businesses that prioritise convenience over designing more intuitive – and more secure – solutions. Could it stem from blending business and personal activities online, leading us to treat all software with a casualness that underestimates the real risks? Or is it simply that cybercriminals have become exceptionally skilled at exploiting our vulnerabilities?…

How do we arm people to cut through the veil?

There isn’t a single solution that any of us could point to and say “This is it – if you fix this thing, then everything will be fine”. Equally, managing cyber risk isn’t about flashy gimmicks or cutting-edge AI. It’s about sticking to the basics – a well-balanced, practical approach to risk management.

So, how do we begin to turn the tide and equip people to better recognise and navigate the risks they face in our digital world? Drawing on my experience, I intend to share practical insights that can help boost cyber awareness, whether for yourself or others.

Since this is a complex topic, I’ll break it down into a series of small, actionable pieces throughout the course of 2025. The one thing that will bind this series together, so that you can follow along, is the tag #CyberObservability. This series will focus on three domains:

  1. Technology & Tools
  2. People & Process
  3. Policy & Governance

Follow the tag #CyberObservability to explore all articles in this series.

This post is licensed under CC BY 4.0 by the author.