Data is the treasure that every nation covets, but are the walls high enough to mitigate the risks? Is cybersecurity ready for the third world war, fought on digital soil, asks Neal Botje, Principal Practice Head: Cloud Security at Dimension Data.
The past 18 months have been a rocky road for cybersecurity. Organisations have faced unprecedented threats at extraordinary volumes. A recent report by Hiscox found that 28% of organisations affected by cyberattacks were hit more than five times in a year, 47% more than six times, and 33% more than 25 times - that's an average of twice a month.
Now, put this battle on the global stage with countries entering the realm of cyber warfare. Nation state-backed cyber-attacks are on the rise, increasing in sophistication and shifting in objectives. Be it for profit or information, the cyberconflict is underway and it will impact every organisation and individual on the planet.
Not all data is created equal, that much is true, but the data that offers up information and intelligence is of value to everyone. Valuable data runs the gamut from information about buying patterns to consumer behaviour, intellectual property, trademarks, research materials and business intelligence.
The war for data has already begun.
Data remains the organisation's most valuable asset. It's the extensive spend on research that resulted in a product or life-saving treatment. It's the movement of people and their patterns of behaviour that can be used to influence elections and choices. And it has already been used to wage war on human sentiment and to achieve goals for organisations and states that suit their purposes. Owned, controlled and managed by large enterprises across the world, data is not just an ID number, it's a key. And the doors it unlocks should often remain closed.
Data is a commodity and needs to be managed ethically. Just look back at the influence that Cambridge Analytica had on individual decision-making. This company used big data and analytics to shift people's perceptions in very specific directions. People are very susceptible to changing their ideas and can be quite easily manipulated, and even with growing awareness around this, it remains a viable threat to citizen and country.
A recent study undertaken by Universidad de Deusto in Spain, found that the algorithm can very easily influence the human mind. They are deftly led down a very clear path, breadcrumbs leading them all the way to the final decision - one that the AI, and its owner, wants them to make. This is also just the tip of the risk iceberg. Intellectual property (IP) is also at risk and the theft of critical data that allows for one company to skip the research and development phase fundamentally changes the economic dynamics of the final product.
Just think, if a company in one country can simply swipe the data from a company in another and then go ahead and create the product without the spend, they will immediately undercut in price. On the nation state front, the impact is even more insidious; that country could gain the profit and the presence, undercutting another country in one simple hack. This is why protecting data has become absolutely critical.
Nation states are there to protect their key resources and know their citizens, organisations have a responsibility to protect their employees and sensitive data, both are under immense pressure. There is a shared responsibility in terms of ensuring that cybersecurity is optimised and capable - nobody can afford to leave this to someone else. It has to be managed by company and country which means getting your security hygiene right, right now.
Avoiding a Data-led World War
A recent McKinsey analysis of organisational cyber maturity underlined three things in red pen:
- Cybersecurity is a journey
- Plans are critical to success
- Poor maturity impacts on performance.
Tick the boxes, and take a more sophisticated view of cybersecurity. Ensure you have resourcing and teams that can follow different scenarios, and leverage purple team testing. This is a mix of conventional blue/defensive teams and red/hacker teams to create a purple team capable of deeper analysis and preparation. Then remember, this is not about defending borders, but about defending information and putting controls around the information so it is secure from internal and external threats.
What lies ahead in the murky realm of the future has yet to be decided, but the invisible threats, attack vectors and the global cyber threats are in play. The lines are being drawn, the attacks planned, and the data identified. What happens next is uncertain, but what happens now is not. It’s up to each of us to understand the risks and protect our data and assets the same as we would anything of substantial value – with trusted, robust and intelligent security that is designed deliberately to adapt and evolve in order to meet the threat.