Use your Brain! (...if you still can), USD 4.88m for the average Data Breach, Cybersecurity Supply Chain Flywheel Challenges
Carolin Desirée Toepfer
Chief Information Security Officer for Companies with 10-1000 Users | Founder @Cyttraction [Yes, it's my EdTech Startup!] | NEW Cyber & AI Security Course | Keynote Speaker | Digital Projects since 2004
"How do we find enough people with the ability of critical thinking?" was one of the more surprising questions I brought from this year's ISACA Europe Conference in Dublin. Next to cyber, resilience, regulatory and AI challenges, the lack of skilled brains was one of the biggest discussion points.
Use your Brain! (...if you still can)
Meanwhile I learned from the hype and implementation of AI for business that not just critical thinking and experimentation are needed, but also data science and product building skills if you want to use your AI solution in teams and not just spontaneously on your own.
And the recently leaked TikTok study shows that many - unfortunately especially young people - might currently fry their brain so much with nonsense mini-video consumption that even AI cannot rescue their career.
As we at Cyttraction focus not just on learning offers but on learning success, we saw the first signs of edutainment consumption without learning effects with TikTok videos in our research (including those re-posted on Instagram and YouTube Shorts). But what the currently leaked internal TikTok study shows is still shocking*:
While the focus of the study was on kids and teens, we have signs that this also goes for grown-ups. Including effects on learning, work life and career.
So on one side, people are killing their brain capacities, while on the other side AI tends to intensify societal problems - if not critically observed and addressed.
Like when Chanel Global CEO Leena Nair visited Microsoft to experiment with ChatGPT and asked the world's most well-known AI model for a picture of the Chanel leadership...
...and received a picture of only men in suits.
How strange must this feel for a female CEO with 76% female employees?
(I also first thought it's social media fake news, but no. Fortune article link below*).
USD 4.88m for the average Data Breach
Critical brains might also be the only ones who could rescue companies these days - or at least help them to level up on cybersecurity.
While the world is still missing millions of skilled cybersecurity experts, AI and quantum attack scenarios as well as the regulator's supply chain logic might actually create needs for even more cyber and IT professionals.
Just recently, IBM research published new numbers on the actual costs of data breaches. An average one costs USD 4.88m. And numbers might rise, especially when the current regulatory initiatives around the world lead to higher penalty payments as well.
For outages it might be even more unpredictable. E.g. the CrowdStrike incident in mid-July 2024 piled up to USD 500m in costs for Delta Airlines alone, after 40 000 servers were affected and planes had to stay on the ground.
And that was "just" an update mistake, not even an attack.
Cybersecurity software providers are experimenting with AI as well, yet companies still want their business strategy, cyber project management and implementation managed and audited by experienced humans.
Not every company is critical infrastructure / NIS2 regulated, but the reporting template of the EU NIS cooperation group gives some insight into what you should be able to find out quickly in a worst case:
Cybersecurity Supply Chain Flywheels
This is only possible with a working Information Security Management System and some critical brains in action*.
Not least because of the regulatory flywheel going crazy at the moment.
Supply-chain logic is on fire globally. More and more companies are drowning in cybersecurity questionnaires from regulated clients and their subsidiaries.
Be careful whenever you get contract amendments or a "supplier questionnaire", "data protection terms" or "minimum cybersecurity criteria" from a client.
It might include everything, from data protection's technical and operational measures to strict cybersecurity rules and technical implementation policies up to resilience initiatives - from dedicated backups to regular documented restore tests they would like to see and audit.
Keep an eye especially on terms mentioning financial implications. You want to make sure your cyber and liability insurance cover those before signing.
A shame that we haven't agreed on a global standard for this paperwork part of cybersecurity yet. That leaves even less capacity for working on the most important part - real cybersecurity implementation and company protection.
2025 Cyttraction Outlook
Next to clients' cybersecurity upgrades, the annual update of our Cyttraction online courses is under construction. This time for the EU, US, UAE and India. Stay curious about:
I am also looking forward to more live keynotes and Hacker Thinking workshops with crisis communication trainer Claudia Scheffler-Perrone, virtual trainings and several content co-operations in English and German to come...
...stay tuned, feel free to write me for bookings and follow for updates! ;-)
You like this newsletter? Don't forget to subscribe! I am also always happy about comments, questions and messages!
Read on:
The BIG Q&A: Cybersecurity Measures & Strategy with a Small Budget, EU Regulations, NIS2, DORA and Certifications
Sources:
4 months
...latest example: https://www.dhirubhai.net/posts/njgroene_this-is-the-scariest-halloween-news-here-activity-7258360851374469120-cJVU
Executive Training/Consulting | (Crisis) Communication -Journalist- Lecturer | Keynote Speaker | Business Development | Editor in Chief | Featured on TV
4 months
Finding people with strong critical thinking skills is indeed challenging, and this is something I observe frequently in the field of crisis communication as well. Critical thinking is more than just a learned skill; it requires an open mind, the capacity to question assumptions, analyze information objectively, and make decisions based on both logic and intuition. Critical thinking is essential in fields like communication, especially crisis communication, where quick yet thoughtful responses are vital. To address this, we must create environments that encourage questioning, adaptability, and continuous learning to strengthen communication effectiveness.