From the C-suite and boardroom to the supervisor on the floor, to governance committee chairs and risk oversight members and department heads - there are four things about the state of cyber risk and cybersecurity every leader must know for survival and success in 2018.
Cybersecurity for Leaders in 2018 - The Four Things to Know
These four broad topics are meant to categorize the issues we think should drive organizational decision making when mandating cultural adaptation "from the boardroom to the breakroom." These concepts should be applied across the enterprise beginning with "new school" cyber security awareness education, and reinforced through training and testing.
We have compiled this list for leaders in 2018 using our years in the field and thousands of hours working where the rubber meets the road - at the intersection of people, the technology they use every day, and the new cyber risks at hand. Our experiential knowledge, insights, proprietary data and analytical tools are all brought to bear for a succinct expression of our views for a next-generation approach to managing and mitigating cyber risk today.
#1) Cyber Risk Has Gone Existential
In March of 2016 when President Obama said ISIS was the "J.V. team" and didn't pose an existential threat, it turned out he was wildly off the mark. He missed the impact of the network, the internet - the game changer to everything. Terrorism that leverages the network looks like nothing seen before.
The same goes for crime.
Our everyday environment, personally and professionally, is increasingly “connected” to the internet and vulnerable to attack by hackers and cybercriminals from around the world. Now, all versions of traditional crimes are being shadowed by their digital counterparts. Fraud, extortion, blackmail, hijacking, you name it: even street crimes like pickpocketing and purse-snatching have e-versions that are growing at rates not seen in their traditional forms.
Public and unprotected private WiFi networks are open doors to digital devices and the information they hold. Sophisticated criminal cartels are targeting hotel chains, upscale venues, and high-end residential neighborhoods, while street thugs and petty thieves are the digital age's version of the Artful Dodger pickpocket or purse snatcher in cafes, airports, public libraries and more. WiFi signal strength and reach, as well as bandwidth capacity, are increasing with wireless technology and further enabling criminal exploitation, but the privacy and security of the networks still receive scant attention.
Internet of Things
Internet-connected ‘things’ – TVs, smart homes and appliances, medical devices, security cameras and much more – are "aware" and "smart" and act as threat vectors that expand the attack surface for criminals beyond computers and phones. These internet-connected things aren't protected with antivirus software, they don't use a password, they don't have keyboards, and in many cases, we don't even know they are there.
Cyber risk has gone existential and every aspect of our lives is vulnerable. At the office, in the home, on the road - we must think well beyond what the IT department can do to protect.
But, while the new, existential nature of cyber risk requires individuals to be aware and protected, and to adopt cyber-hygiene behaviors and habits, the risk holder remains beyond individuals themselves. The risk may have been “democratized,” but the stakes are still shared institutionally. And only through an alignment of needs and a partnership between people and the organization will either side survive or succeed.
This begins with education, training, and testing.
Education, Training, and Testing
Awareness education and training must transcend compliance and regulatory mandates to include personal internalization of the subject matter. Presenting fresh context and framework with subject matter content, including accountability measures, is crucial for success. Cybersecurity education is now about "from the boardroom to the breakroom, to the living room."
#2) It Will Get Worse, Before Getting Better
Cyber attacks, traditionally “black hat” activity like cyber espionage and warfare, are now predominantly motivated by financial profit. Since 2014, the rate of cybercrime has exceeded that of the traditional sort, and now extortion, blackmail, financial fraud, and theft have digital versions that dwarf their historical equivalents in scope and size.
Criminals from street thugs to sophisticated professionals are clamoring to get in on “the perfect crime.” Crypto-currencies are eliminating the need for laundering, fencing, or pawning, and are off the radar of law enforcement and tax authorities. Cybercriminals can perpetrate attacks from anywhere with no risk of injury or death, and without leaving evidence or a scene of the crime.
There is no end or plateau in sight for cybercrime’s rapid growth. Traditional criminal cartels and new cybercrime hacking syndicates are tooling for maximum exploitation, and we will see the next few years as the “golden-age” for criminals around the world. Additionally, with North Korea and the WannaCry ransomware assaults as a recent and poignant example, nation-states now see cyber attacks for profit as a perfect mix of inflicting socio-economic harm and raising funds to counter sanctions and the high cost of waging war.
#3) Your People Are Not Prepared
The democratization of cyber risk has quickly become more a matter for the governance committee than for the IT department.
It is digital technology’s nature to progress at exponential rates while we, as bio-organic humans, naturally adapt at a much slower pace. The gap between cybercriminal activity and sophistication and that of your partners, staff, vendors, clients, and family members is vast and expanding every day. And nobody understands this better than the cybercriminal as they exploit the chasm for all it's worth.
Cybercrime is an early-stage symptom of the new digital age. Exponential progression of digital technology is driving uncharted levels of change and affecting every aspect of our lives. As leaders, we must provoke and stimulate individuals with greater context and framework for a deeper understanding of digital technology and how it applies to almost everything we do today.
#4) But It Is Manageable, and You Can Do a Lot About It
As daunting as the matter seems, cyber risk can be managed and significantly mitigated if you effect the necessary counteracting change.
First, transcend compliance and regulatory pressures.
The type and level of awareness and behavioral adaptation you seek demand individual internalization and should motivate in a fashion aligned with personal needs and goals. Consider the notion of “cybersecurity as an employee benefit” – one that enhances lives across the spectrum of daily activities, personally and professionally. This approach advances adaptation, agility skills, and long-term behavioral change.
Second, use the recent progress in cybersecurity technology to protect.
Beginning in about 2012, the cybersecurity industry was recognized as a growth business for the future. Since then, every year has seen record high inflows of fresh investment capital. The industry is stimulated and re-energized as smart capitalists and innovators are using new technologies in networks and software including clouds, AI and machine learning, and Big Data to increase efficacy and ease of use while decreasing costs. As a result, value in cybersecurity solutions will rise for many years to come.
Conclusion: cybercriminal sophistication and success ride the arc of technology, and so should our defenses. Today, managing and mitigating cyber risk requires a combination of education and solutions. And it’s a mandate for tomorrow and the future for survival and success in the new digital age.