by Dmitry Samartsev*
Ecosystems are our future. Humans are surrounded by networks of companies and governmental organisations, which are connected to each other and form even bigger ecosystems – which reach the country and global levels. With such interconnectivity, one vulnerable link can endanger every other element of the ecosystem and disrupt all operations.
Cyber leaders are the ones who can prevent this from happening.
New opportunities, new risks
The vast majority (96%) of economic sectors are being dramatically changed by the introduction of innovative technologies. Such disruption brings not only massive opportunities, but also new risks.
Companies planning for digital transformation must think about three considerations before making any changes:
1. Without the proper introduction of new technologies and the use of a “security-by-design” approach, the risk of a breach skyrockets. This endangers the confidential data of the organization and its clients.
2. New technologies require new skills and both technical and non-technical experts. If tech specialists do not know how to deal with new software in various situations, including a possible incident, or non-tech employees are not provided with the right guidance, such as a password policy, the company’s operations can be compromised or disrupted.
3. Each company should have business continuity and disaster recovery plans. These should include a description of actions to be taken by top management and dedicated employees in case of an APT (Advanced Persistent Threat) attack, data breach, ransomware incident, etc.
These three considerations should be an integral part of the digitalisation strategy of every company. And those risks are not only technical risks to be taken care of by tech guys – they are business challenges that should be added to the business risk profile and considered critical by private and public sector leaders.
The role of a cyber leader
Cyber leaders should be strategic thinkers, able to influence internal and external stakeholders while building a secure ecosystem. They should be masters of risk management and able to speak both technical and business languages to translate business needs into exact technical actions.
Speaking of internal stakeholders, the key goals are to:
- elevate cybersecurity to the board level,
- explain why it is critical to business development,
- make sure the company’s digitalisation and business strategies address cyber risks and include cybersecurity measures.
As digitalisation is still quite revolutionary for many industries – and cybersecurity is still considered “something technical” – sometimes it takes a lot of effort to persuade top management on these measures.
In regard to external stakeholders, the key goal is to foster collaboration between various stakeholders across various industries, between the private and the public sector and even among countries. Cyber resilience cannot be achieved if the company only protects itself; it has to ensure all connected organisations are compliant with necessary standards. Organisations also should exchange knowledge and experience, share information on common threats, talk to governments in order to facilitate adoption of standards and extend cooperation between countries. All of this requires cyber leaders to engage in such dialogues and connect tech experts with business people and government representatives.
3 pillars of global cyber resilience
Global cyber resilience is based on three pillars:
The first pillar, promotion of cyber awareness, requires cyber leaders to explain to the global community why cybersecurity is important, what the basic cyber hygiene rules are and how to implement an effective cybersecurity strategy in each organization.
The message: understand, start with yourself, implement in the organisation.
In today’s world, communication is often broken on the first part of this message. Cyber leaders should do everything they can to change it by talking to other companies, sharing their knowledge and experience publicly, and establishing and participating in leadership communities to reach the right audience.
The second pillar implies that necessary cybersecurity standards and rules should be implemented across companies, sectors and countries.
Many company leaders who have not yet experienced a devastating attack sometimes don’t believe it can happen to them. They do not see value in investing in cybersecurity. However, in many cases, they don’t evaluate all the losses and long-term consequences a cyberattack can cause. And most importantly, they don’t take into account the risks they can bring to other organisations they are working with or are related to in any way.
Proper compliance standards and rules on the sectoral and governmental levels are necessary to overcome this challenge, and cyber leaders need to participate in creation and implementation of those regulations.
The third and most important pillar is cooperation. Cybercriminals collaborate with each other, and share information and insights to launch massive and devastating attacks. Collaboration allows them to remain a few steps ahead.
Organisations across the globe need to exchange data on incidents and threats, work together on joint international measures and not let geopolitical turbulence stop this process. Cyber leaders are the ones who might advance cooperation.
In Sber and BI.ZONE, we understand the value of such an approach. As the largest bank and technology ecosystem in Russia in CIS countries, we are a top target for cybercriminals and have to counter millions of cyberattacks every day.
We know how to do it – in 2020, we blocked 100% of attempted cyberattacks – and we understand that our experience and knowledge may be of great use for the Russian and global community.
That is why we actively participate in a number of non-commercial and governmental cyber-related initiatives, cooperate with organizations such as the World Economic Forum and INTERPOL, and even create our own projects, such as Cyber Polygon training, which recently took place on 9 July for the third time.
*Chief Executive Officer, BI.ZONE
**first published in: www.weforum.org