In 2018, as followers of Formula One (F1) will know, the fastest racing cars in the world got a controversial redesign. A new device was added to the cars; a curved bar or Halo, which was designed to protect the drivers’ heads in the event of a crash. The proposal was made back in 2016 and was universally condemned by the Drivers Association—Romain Grosjean (F1 driver and, at the time, Grand Prix Drivers Association Director) said, “Personally, I think it was a sad day for Formula One when it was announced and I am still against it.” Despite this rejection, safety concerns overrode objections, and the Halo was made mandatory from the 2018 season.
Why am I telling you this? It’s not just because at the British Grand Prix this weekend the Halo yet again saved three lives (most dramatically Zhou Guanyu, whose car flipped, hurtled upside down across the gravel pit before leaping over the tyre barrier to rest on its side).
According to the latest 2022 Verizon Data Breach Investigations Report (DBIR), 82% of breaches involve a human element. These elements include use of stolen credentials, phishing, misuse, or simply user error. These employees—the human element—are our racing drivers.
Like racing drivers, employees want to move fast, and they sometimes seem to charge headlong into risks in their quest to satisfy their ambitions and those of the business. As businesses grow and aim to “go-to-market” more quickly and efficiently with new products and digital services, this speed needs to be enabled but with security controls providing protective “guardrails” for the employee.
Since its introduction across open-wheeled sports car races, the Halo has been proven to save drivers from serious injury and even fatalities. 2022’s Championship contender Charles Leclerc walked away from a nasty crash in his first F1 season in 2018, after a car landed on his Halo (not his head). Images of seven-time World Champion Sir Lewis Hamilton parked up with rival Max Verstappen’s car on top of him, milimetres from his helmet, are still regularly shown in TV coverage of the sport. However, perhaps the most ironic example of its success was when it saved Romain Grosjean’s life in Bahrain—the car was sliced in two through a barrier, with flames churning around the vehicle, yet Grosjean escaped with only minor injuries. Grosjean has changed his stance on the Halo, now saying it saved his life and “it was the greatest thing brought to F1.”
It is clear; putting in a device “around the driver” that focused on protecting the driver—allowing them to take the necessary risks to get ahead—was beneficial to the teams, the sport, and the fans.
And as with racing drivers, again, so too with employees.
IT and security teams need to ensure that security is an enabler of speed and growth for their organisation; embracing digital and cloud. We need to let employees drive fast, while also keeping them safe from both traditional and new threats and risks.
Much like F1, an effective response is to create a “Halo effect” around every employee. The first step of this is to use a pop-up warning, or just-in-time education, whenever an employee makes a decision that introduces a risk. It may initially seem that this may be annoying to the employee, however with the correct implementation, the notification and coaching is only applied when a series of high risks are identified, minimising disruption.
Next, the same “Halo effect” can also be used to highlight and promote good behaviour and not just focus on the bad. At Netskope, we commend employees who take responsibility, action, and report when they see suspicious behaviour. Our products and services are built on ensuring organisations can safely and securely use the we