How to Beat Cybercrime | Vol. 2
Cyber security is not a stand-alone topic – it is woven into the fabric of organizations and businesses. Division within any company is detrimental to its safety!
CISOs and board members must work closely together to find a sensible solution in this complex environment.
In Volume 2 of "How to Beat Cybercrime", I explore how CISOs and boardrooms can work together to find a sensible solution in a complex cyber environment.
How companies approach cyber security differs substantially - why? A key consideration is that different enterprises evolve at different rates in terms of technology innovation.
More technology equals more vulnerabilities. More vulnerabilities equal more attacks that have to be addressed.
The implications vary from industry to industry - often uniquely, or at least in very different ways. For this reason, cyber security cannot be a "one size fits all" solution. Rather, it is important to understand the broader trends and derive individual measures. It is all about context and operational understanding.
Cybercrime Magazine has published some impressive statistics in this regard. For example, the global damage caused by cyber crime is currently estimated to reach around 10.5 trillion US dollars annually. In comparison, only 240 billion U.S. dollars per year are forecasted to be invested in corresponding countermeasures. A significant imbalance. In my opinion, companies are underinvesting and are being outpaced by the rate of change. 3.5 million job vacancies are testimony to this. Simply put, companies can no longer keep up with cyber criminals.
The damage caused by cyber crime is substantial – both nationally and internationally. Nevertheless, companies underinvest in cyber security. You might ask, "Why is this?"
It is not because companies fail to put forth effort. Many industries are actively building global communities of responders who identify and report grievances. This trend towards reactive response is based on awareness, training, and reporting, and it has intensified over the past five years. It is a beginning, but not the solution.
The true solution is understanding the greatest risk companies face – complacency.
Too often, companies believe they are safe even though they are not. Many leaders, or the companies they work for, do not inherently comprehend the level of risk and sophistication they are facing. They have a broad understanding at a strategic level but are lulled into a sense of complacency. The board room is significantly disconnected from the reality of the cyber security risks they face.
They believe it is sufficient to hire a CISO, build a cyber security team, deploy antivirus measures, or purchase cyber insurance. The projected global damage of $10.5 trillion clearly indicates these measures are not enough. If companies think they are safe when they are not, they are exposing themselves to significantly increased risk. I don't want to stir up fear - I'm just stating a simple fact. The moment any company, or anyone for that matter, thinks they are safe and lets down their guard is exactly the moment they become complacent and their risk increases significantly.
To combat cybercrime, companies must understand they are in a constant and never-ending fight – a continuously escalating exchange that is driven by the exponential rate of technological growth. The key lies in understanding the nature and scope of the fight and understanding the adversaries.
Or in Sun Tzu’s words from The Art of War:
“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained, you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”
Sun Tzu's philosophy is still at the core of the solution. Companies must:
➕ acknowledge that they are in a fight.
➕ commit to winning the fight.
➕ gain the required understanding, capabilities, and allies to win.
If companies and board members develop the necessary awareness of their fight against cybercrime, commit to winning that fight, and ultimately build competence and strategic partnerships, they "[...] need not fear the result of a hundred battles."
CISOs bring the necessary visibility, understanding, and risks to the board. The board provides the operational relevance, business context, and strategic value of the assets to protect. Together they create a harmonized and pragmatic security strategy with strategically aligned countermeasures. By working closely with each other, they understand themselves, understand their enemy, and invest wisely to win.
Stay tuned! 👀
In Volume 3 of "How to Beat Cybercrime", I will explain how Sun Tzu’s principle applies in today's modern business world.
Thought leader in cyber security with over 28 years of experience advising public sector entities, DAX-30 companies, and SMEs internationally.
Mike, you are absolutely right!