THINK LIKE A HACKER
Tarek KUZBARI
Empowering organizations across Emerging Markets | LBS Alumn | 30 under 30 | Top 25 most powerful executives in Middle East | Top executive in the cyber security industry in the Middle East
Threats from cyber attacks are growing in number and intensity worldwide. Every year, hackers produce some 120 million new variants of malware. Several billion data sets are breached. Moreover, companies report thousands of attacks every month, ranging from the trivial to the extremely serious. Think WannaCry, NotPetya, Meltdown, and Spectre.
Until recently, the primary targets of cyber attacks were financial firms and governments. Today, the threat is universal, for companies and customers alike. Little wonder that risk managers now consider cyber risk the biggest threat to their business and that some companies are investing up to half a billion on cybersecurity.
In the digital age, distinctions among physical and information security, business continuity management and data protection, and in-house and external security are obsolete. Cybersecurity should encompass it all.
It also bears emphasizing that the insider threat via a company’s employees (and contractors and vendors) is one of the most significant unsolved issues in cybersecurity. It’s present in 50 percent of breaches reported in a recent study. Companies are undoubtedly aware of the problem, but they rarely dedicate the resources or executive attention required to solve it.
Monitoring technologies are a start, but their effectiveness increases when combined with more active approaches. Among these is micro-segmentation—homing in on “hot spots” of risk—and moving to a predictive posture, which allows the identification and disruption of insider activities much earlier in the threat lifecycle.
More broadly, the most crucial factor in any cybersecurity program is trust. The board needs to trust senior management to have a strategic, long-term view. Business units, including the IT and cybersecurity teams, need to trust each other enough to agree on how to deploy a security plan. Also, companies must trust external partners, like cloud vendors, not to let bad guys in the back door.
However, senior business leaders and the board seeing cybersecurity as a priority only when an intrusion occurs, while the chief security officer and his team view security as an everyday priority.
Then, agree on your organization's crown jewels—proprietary intellectual property, customer data or other—and make sure people across the organization have bought into the protection priorities. In this battle, spending more isn't necessarily spending smarter.
Companies would do well to adopt a new posture—comprehensive, strategic, and persistent. In my work with leading companies across industries, and in our conversations with experts, a new approach takes root that can protect companies against cyber risk without imposing undue restrictions on their business. One of the guiding principles:
THINK LIKE A HACKER