I spoke with our Head of Cybersecurity Business, Markus Asikainen, and two of our cybersecurity consultants about how a cybersecurity expert operates responsibly in their own work, and how Gofore supports this important work of the experts.
Digitalisation inevitably shapes our society and business models. Promoting it offers numerous opportunities, but at the same time raises ethical questions. Cybersecurity is a crucial aspect of ethical digitalisation, as the actions of a cybersecurity expert directly impact the security and privacy of customers and end users.
This responsibility is emphasised in cybersecurity testing and exercises that simulate real attacks, where the tester often discovers vulnerabilities, even serious ones, and may gain access to information that is not intended for them. Such exercises are characterised by the fact that the majority of those involved do not even know that they are participating, which increases the responsibility of the cybersecurity expert even more. Unnecessary harm must never be caused to those participating in the exercise, and if they are exploited, for example, in carrying out a data breach, this must be handled professionally.
Cybersecurity work has for quite some time played a significant role in public sector organisations, where the security and reliability of services are extremely important. However, the importance of cybersecurity and its ethics is constantly growing in the industrial sector as well. So how can a cybersecurity expert operate as responsibly as possible?
1. Establish clear ground rules with the customer
In the work of a technical cybersecurity expert especially, it is essential to be precise and to work to a plan. Before starting the work, it is important to go through a thorough planning phase with the customer to clearly define what is allowed to be done in the customer’s systems and what is not. This ensures that the work is done on legal grounds and in an ethically sustainable manner.
2. Prepare in advance for potential problems
In addition to the ground rules established with the customer, it is necessary to prepare together in advance for potential problems and how to recover from them. If something goes wrong, it has to be communicated openly and honestly to the extent required by the damage. A cybersecurity expert must be ready to take responsibility for their actions and their consequences.
“Effective communication and good collaboration are key to developing secure digital services together with customers.”
3. Remember responsibility even in your free time
A technical cybersecurity expert in particular must be able to understand the broad effects of their actions and operate accordingly in a professional manner, avoiding unnecessary harm. The responsibility also extends to free time: an ethically operating cybersecurity expert does not misuse their skills even after working hours. As in consulting in general, things seen in the assignments are not discussed outside of the assignments either.
4. Stay up-to-date by developing your skills
Continuous skill development is also an important part of ethical cybersecurity work. A cybersecurity expert must stay up-to-date with the changing threat environment and technological development, while being aware of the related opportunities and challenges. For example, evolving technologies such as artificial intelligence can serve as effective tools, but at the same time, their use brings its own ethical dilemmas.
How can the employer support the work of a cybersecurity expert?
At Gofore, we strive to support our cybersecurity experts in making ethical choices in their own work, for example in the following ways:
- The starting point is always that our experts can stand behind the values of the customer company. Supervisors and colleagues support experts in evaluating assignments also from an ethical point of view, in addition to our actual ethical evaluation.
- Supervisors and business leaders are responsible for ensuring that the conditions for ethically sustainable work are in place.
- We have information exchange channels, where colleagues can easily share updates on current phenomena.
- Based on the future outlook of the industry and business priorities, we train our experts on new requirements brought about by changing regulation and evolving technology, and how these affect our customers. Especially in long-term customer relationships, the customer also provides training and guidance on changes related to their operations.
In conclusion, ethical digitalisation requires careful consideration, responsible action, and continuous learning from cybersecurity experts. Together, we ensure that we can serve our customers in the best possible way, while also bearing ethical responsibility for our actions and their impact on society.