cyberdemic-nodates-01.png

Elliott Masie hosted a briefing on Cyber-Demic -a digital pandemic -
for our Learning COLLABORATIVE members.

Here are a 17 minute video briefing on Cyber-Demic, our graphic on the topic and a curated set of notes on the discussion that follows.

00:00 / 17:48

Cyber-Demic PodCast

cyberdemicmap1.png

Our Cyber-Demic conversation is not about fear: it’s about readiness!

 

Here are three follow up action items for going forward:

 

  • Replicate this conversation in your organization. Consider these elements:

    • How are you prepared and preparing your employees for the likelihood of a cyber-demic?

    • What has your organization learned from the pandemic that could be applied to readiness for a cyber-demic?

    • Are there other organizations in your area who share a technological footprint that you can collaborate with?

    • How will you communicate a breach to employees?

  • Volunteer to think with us about how to introduce this conversation into L&D, which should be thinking about this topic and bringing in other entities along the way.

  • Share organizational approaches to cyber-demic readiness.

 

Summary of Group Discussion:

 

  • Are content providers paying attention to this topic?

    • When they do talk about it, they are very nervous. When we think about “data penetration”, we need to understand how identities are masked in certain environments. It would be great to bring providers into our future conversation about cyber-demics, and there should be a national informal group that’s ready to jump in and address these kinds of issues when they occur.

 

  • The financial industry has many regulations related to cyber issues, so how to prep and protect data is a current focus and has been for quite some time. How do we define a cyber-demic so it’s not seen as a one-off incident?

    • Vulnerability on a meta level is so high. We need to consider the implications of adding other currencies (e.g., bitcoin) as well as paying ransoms.

 

  • We need to prepare people mentally, emotionally, attitudinally that this will probably happen, no matter how careful we are. Every employee needs to be “with us” and not of the mindset to just leave it to IT to figure out. Having Y2K flashbacks!

    • One organization built up a second response ability (a call-in # that employees could use to receive a message from their leader).
       

  • We don’t really know how systems we depend on outside the organization are handling and backing up data – regardless of what they say. Rarely is there a full “plan B” beyond a simple “restore” function for a system. Very concerning.

    • Trust means you’ll be able to get a reliable source of information.

    • Something else to consider is how the organization deals with vulnerabilities of multiple bandwidths of remote workers.
       

  • There can be pushback from IT about what’s truly critical to restore immediately during a cyber-demic. Learning might not be a priority.

    • We need a 360 perspective on what a cyber-demic is, along with a user view.

    • We must consider how to deal with stress and rumor-checking, and build trust around this conversation.
       

  • Governance is so critical, and it’s limited across lots of organizations around technology. In the pandemic, there was so much creativity, but it often went undocumented. A cyber-demic isn’t an “if”: it’s a “when”, so governance is critical. Also, employee engagement is critical, especially as they deal with customers.

    • Perhaps there is a role for a Continuity Officer/Team (maybe not full time) who can consider how learning, IT, risk management, and operations all work together for preparation.

    • Simulations could be run. Some CEOs wished they’d had trial run WFH days before the pandemic to make sure everything worked right.
       

  • Include your high school and college age kids in this conversation and educate them about the vulnerabilities that exist.