An analogy for today’s companies combating cybercrime.
This is a part of a series trying to bring lessons learned from my time in the Navy as a pilot to address the extreme issues we are seeing today in companies around the globe.
There is a saying in Navy squadrons ‘Everyone is a Safety Officer’. It essentially highlights the importance of safety around the carrier and how this cannot be relegated to one person or a safety team. It is EVERYONE’S job to CONSTANTLY looking for where the next accident will happen and step in to break the chain of events. Even today my kids hate that I am always calling out ‘potential accidents’ that I ‘just can see happening’. Training is burned deep in a pilot’s DNA :)
I think the origins of this concept stemmed from a terrible accident in 1967 on the USS Forrestal in the Gulf of Tonkin during the Vietnam War.
In short, a Zuni rocket accidentally launched on the flight deck and slammed into planes at the bow that were carrying 1,000 lb. bombs. Just 1 minute and 36 seconds later, as the two valiant fire teams tried to put out the fire, a bomb exploded. This sadly wiped out nearly all the trained fireteams. Unfortunately, fire training for all crew was not mandatory at this time and the untrained deckhands had to learn on the fly how to fight this huge fire. A total of 10 bombs exploded causing an amazing amount of damage to the ship, killed 134 sailors and nearly sunk the ship. For the full story see here, https://en.wikipedia.org/wiki/1967_USS_Forrestal_fire
As you can image, there was an investigation with findings and suggested fixes covering all kinds of areas. One learning in particular that was identified was the need to provide mandatory fire training for all crew members of a ship. In essence, ‘Everyone is a Firefighter’ on a ship.
Carrying this into the safety area, everyone working on a carrier flight deck is trained, regardless of your job description, to look for things that are unsafe. If you do see a potential problem, you need to act to stop a potential accident.
This horrific story can be related to today’s onslaught of fraud and cyber security issues which are hitting firms. If you ask employees in most companies who is responsible to protect the firm, people will mention the security team. True, these trained professionals, with an array of detection and cyber tools, are there to stop major incidents. But think about it, do we really think this small team (like the firefighters on the Forrestal) are really going to able to fight every attack?
I would argue that firm’s security culture needs to be ‘Everyone is a Security Officer”! There is cyber training and ongoing phishing training for staff, but to really make this work, everyone in the firm needs to consider cyber security as being part of THEIR JOB.
Let’s leverage the lessons learned that unfortunately 134 sailors had to give their lives for back in 1967.