THINK LIKE A HACKER

Threats from cyber attacks are growing in number and intensity worldwide. Every year, hackers produce some 120 million new variants of malware. Several billion data sets are breached. Moreover, companies report thousands of attacks every month, ranging from the trivial to the extremely serious. Think WannaCry, NotPetya, Meltdown, and Spectre.

Until recently, the primary targets of cyber attacks were financial firms and governments. Today, the threat is universal, for companies and customers alike. Little wonder that risk managers now consider cyber risk the biggest threat to their business and that some companies are investing up to half a billion on cybersecurity.

In the digital age, distinctions among physical and information security, business continuity management and data protection, and in-house and external security are obsolete. Cybersecurity should encompass it all.

It also bears emphasizing that the insider threat via a company’s employees (and contractors and vendors) is one of the most significant unsolved issues in cybersecurity. It’s present in 50 percent of breaches reported in a recent study. Companies are undoubtedly aware of the problem, but they rarely dedicate the resources or executive attention required to solve it.

Monitoring technologies are a start, but their effectiveness increases when combined with more active approaches. Among these are micro-segmentation—homing in on “hot spots” of risk—and moving to a predictive posture, which allows the identification and disruption of insider activities much earlier in the threat lifecycle.

More broadly, the most crucial factor in any cybersecurity program is trust. The board needs to trust senior management to have a strategic, long-term view. Business units, including the IT and cybersecurity teams, need to trust each other enough to agree on how to deploy a security plan. Also, companies must trust external partners, like cloud vendors, not to let bad guys in the back door.

However, senior business leaders and the board see cybersecurity as a priority only when an intrusion occurs, while the chief security officer and his team view security as an everyday priority.

Then, agree on your organization's crown jewels—proprietary intellectual property, customer data or other—and make sure people across the organization have bought into the protection priorities. In this battle, spending more isn't necessarily spending smarter. 

Companies would do well to adopt a new posture—comprehensive, strategic, and persistent. In my work with leading companies across industries, and in our conversations with experts, a new approach takes root that can protect companies against cyber risk without imposing undue restrictions on their business. One of the guiding principles: 

THINK LIKE A HACKER

