The Internet, now enabled with nearly universal high-performance, high-reliability and low-cost connectivity, has enabled and is still enabling the transformation of every aspect of the human experience:
- Personal and professional relationships are easy to establish and maintain. Market access and scalable service capabilities have never been so easy to achieve. Traditional barriers of space, time and capital have disappeared or diminished in all “developed” societies and are rapidly disappearing in the “third world”.
- We all have the entire domain of human information and misinformation, sound (and unsound!) advice and directions, data and, distressingly, private data at our fingertips, from our web device, at any time.
- All manner of virtual organizations is enabled. No one must do everything for themselves unless they choose this path. Forming and dissolving partnerships is becoming easier – making more decisions “marriages of convenience” and fewer “strategic, long-term commitments”.
- A key barrier to robust relationship mobility is data structures and coding values. The challenge of enabling easy, inexpensive, quick, reliable and seamless data transformation is under pressure but is still a major hurdle for organizations considering a change of partner.
- Another key barrier to relationship mobility, this one not technical but social, is workflow and the retraining of staff. Mature organizations of scale have a huge investment in “process”. Retraining and change are expensive and potentially impactful to operating outcomes.
The Cyber World is structurally and pragmatically governed by infrastructure providers to enable interoperability, communication and connectivity. Geopolitical entities (governments) struggle for relevance and control in the virtual world even as the medium is exploited for their own agendas. They are virtually irrelevant to the Cyber World.
We are all very much on our own in this ungovernable world. Every individual and organization must look to their own safety, security and privacy protection. Care must be taken to understand the inherent risks of leveraging convenient connectivity and access before exposing high-value or regulated content through internet services.
Recognize that the nature of threats has evolved and is constantly evolving. In the early days, threats were more about hobbyists and small prank or crank groups cooking up viruses, denial-of-service attacks or network access hacks to disrupt a service. Today, these sorts of threats continue, but are overshadowed by better funded, systematic criminal and government-sponsored actors. Criminal activity is focused on identity theft for various fraud schemes, scams and intellectual property pirating. Government entities are interested in gathering intelligence (political, strategic and economic), commercial value, and offensive capabilities.
Everyone is “hackable”; no one is safe or secure. If you are telling yourself you have not been compromised, you are probably mistaken. We all must invest and engage in self-defense; no one will do it for us.
- Active and passive defense: firewalls, encryption, regular cyclical scanning, blacklisting, behavior pattern monitoring/evaluation, operating system and software patching, anti-virus, and two-factor and biometric identity verification are all examples.
- High value data content management – avoid personal identification of data wherever possible. Encrypt data in flight and at rest. Do not make it easy for critical data to be breached.
- Breach readiness: data backups for recovery should be regularly tested. Legal, ethical and brand-protecting process preparedness is essential. Know the law, liabilities and compliance requirements. Know your customers – what will they expect? Know the press: there will be coverage, so have your messaging ready. Be technically ready – build capable internal teams but have access to highly credible outside help. This is no time to be proud or overconfident. Have a proactive relationship with FBI Cyber Crime teams.
All this sophistication is complex and expensive. While every company should have a security officer and at least some internal competency to evaluate and govern cyber threat programs, cloud-based infrastructure providers are increasingly available and adept at serving many cyber threat management needs. Consider that effectiveness with security and privacy is not just another “added, billable service” that can enhance revenues for a cloud provider. Every cloud provider must be able to demonstrate strict controls if they are to earn the business of a sophisticated buyer. Corporate data integrity, privacy and security are critical entry requirements for any move to host services off premises.
The challenge after an event is to recover and restore trust! Responsible leadership works proactively to prevent breaches, recognizes them if/when they occur anyway, and is well prepared to handle an event when it happens.
Contact BrightWork Advisory, LLC to design a security engagement to meet your needs.