Why digital resilience needs human resilience

Written By Gregory Hibbett

Across the landscape of historic security breach incidents in Australia - Optus, Medibank Private, Latitude, Australian National University (ANU), Australian Parliament House, and many more there is a common theme. Despite millions spent on all the best laid cyber security technology controls the weakest link often lands in the same place it always has: PEBKAC. That is to say… Problem Exists Between Keyboard And Chair (PEBKAC).

Now to be fair, this is no longer just a condescending remark from the stereotypical elitist systems administrator with the loudest clacking mechanical keyboard in the office. It is a real and growing problem. AI is now elevating low-effort phishing and social attacks into highly convincing ones. We are on the cusp of widespread indiscernible AI voiced phone calls and live video calls imitating our friends and family.

So what can we do?

In my opinion, I think the answer is we need to become the most resilient cerebral humans ever. Because despite all the benefits of automation and AI, we cannot outsource our responsibility as a critical thinking human being. High trust societies like Australia have perhaps been comfortable for too long. Our systems reflect this zeitgeist and we pour millions into cyber security trying to achieve the opposite: Zero Trust architectures.

“despite all the benefits of automation and AI, we cannot outsource our responsibility as a critical thinking human being.”

For all the risk minimisation and mitigation strategies an organisation has, we are still beholden to the human element. Trends show a growing acceptance of AI in our daily lives and as skepticism is slowly replaced with lukewarm trust for AI, I cannot help but brace for an inevitable outbreak of security incidents. I strongly suspect the same outsourcing of trust in AI may erode our ability to detect scams, lies, and malicious intent.

An increasingly digital world and a generation where interactions are becoming primarily digital and transactional rather than interpersonal presents serious challenges for the future. Governments are racing toward impossible goals of misinformation control, using regulation as their go-to lever. But this risks eroding trust in democratic institutions. The real question is will a generation raised on controlled information be better or worse at detecting when something is awry?

Now I firmly believe humans are excellent at adapting and I still remain optimistic. I have met many fiercely bright young people who have given me hope that the world will be okay in the long run. However, I believe society has a duty to try to water the garden for the next generation and I have to believe there are ways forward without fulfilling the prophecy of the cult classic movies like “Idiocracy”, “Terminator”, or “Wall-E”.

AI regulation? Privacy legislation? Human resilience education? Maybe.

Either way we will need cunning humans grounded in real relationships and a strong appetite for truth. It all comes back to building human resilience alongside digital resilience. An appropriate balance is needed and currently, I am not sure we have it right. How much do we invest in ourselves, invest in our people resources vs technology controls?

The problem being is you largely cannot outsource your human resilience problem, you need to invest in it. Whilst I love checking out the latest technology, the all too sweet promises of big tech is often just that - the icing on top of the burnt cake. I see a future where I strongly suspect the handshake is going to make a fierce comeback as the real seal of a human made deal.

In the end, remember we are all ultimately the ‘P’ in PEBKAC.

Gregory Hibbett
Previous

Such is life