Topics in this article
The past 18 months have been a rocky road for cybersecurity. Organizations have faced unprecedented threats at extraordinary volumes. A recent report by Hiscox found that 28% of organizations affected by cyberattacks were hit more than five times in a year, 47% more than six times and 33% more than 25 times – that's an average of twice a month.
Now, put this battle on the global stage with countries entering the realm of cyberwarfare. Nation-state-backed cyberattacks are on the rise, increasing in sophistication and shifting in objectives. Be it for profit or information, the cyberconflict is underway and will affect every organization and individual on the planet.
Not all data is created equal, but the data that offers up information and intelligence is of value to everyone. Valuable data runs the gamut from information about buying patterns to consumer behavior, intellectual property, trademarks, research materials and business intelligence.
The war for data has already begun.
Data remains the organization's most valuable asset. It's the extensive research that resulted in a product or a life-saving treatment. It's the movement of people and their patterns of behavior that can be used to influence elections and choices. And it has already been used to wage war on human sentiment and to achieve goals for organizations and states that suit their purposes. Owned, controlled and managed by large organizations across the world, data is not just an identity number – it's a key. And the doors it unlocks should often remain closed.
Data is a commodity and needs to be managed ethically. Just look back at the influence that Cambridge Analytica had on individual decision-making. They used big data and analytics to shift people's perceptions in specific directions. People are susceptible to changing their ideas and can be easily manipulated, and even with growing awareness, this remains a viable threat to citizens and countries alike.
A recent study undertaken by Universidad de Deusto in Spain found that algorithms can easily influence people. They are deftly led down a clear path with breadcrumbs leading them all the way to the final decision – one that the AI, and its owner, wants them to make. This is just the tip of the iceberg. Intellectual property (IP) is also at risk, and the theft of critical data that allows for one organization to skip the research and development phase fundamentally changes the economic dynamics of the final product.
Just think, if an organization in one country can simply swipe the data from a organization in another and then go ahead and create the product without the spending, they will immediately undercut the price. On the nation-state front, the impact is even more insidious; one country could gain the profit and the presence, undercutting another country in one simple hack. This is why protecting data has become critical.
Nation states are there to protect their key resources and know their citizens; organizations have a responsibility to protect their employees and sensitive data; and both are under immense pressure.
There is a shared responsibility in terms of ensuring that cybersecurity is optimized and capable – nobody can afford to leave this to someone else. It must be managed by organization and by country, which means getting your security hygiene right, and right now.
Avoiding a data-led world war
A recent McKinsey analysis of organizational cyber maturity underlined three things:
- Cybersecurity is a journey
- Plans are critical to success
- Poor maturity affects performance
It also emphasized the importance of recognizing that not all data is created equal and that some assets are “extraordinary”.
Tick the boxes and take a more sophisticated view of cybersecurity. Ensure you have resourcing and teams that can follow different scenarios, and use purple team testing – a mix of conventional blue/defensive teams and red/hacker teams to create a purple team capable of deeper analysis and preparation.
Then remember, this is not about defending borders but about defending information and putting controls around that information to protect it from internal and external threats.
What lies ahead in the murky realm of the future has yet to be decided, but the invisible threats, attack vectors and global cyberthreats are in play. The lines are being drawn, the attacks planned and the data identified.
What happens next is uncertain, but what happens now is not. It’s up to each of us to understand the risks and protect our data and assets as we would anything of substantial value – with trusted, robust and intelligent security that is deliberately designed to adapt and evolve in order to meet the threat.
Neal Botje is Principal Practice Head: Cloud Security at Dimension Data