It’s a war out there. Malware forms are proliferating and growing ever more sophisticated. IoT and software and hardware innovation are creating new capabilities, while also resulting in new gaps and vulnerabilities. And massive information breaches have enabled cybercriminals to create rich profiles of consumers, as well as identify pressure points for senior leaders across industries.
In fact, cybercrime is slated to hit $6 trillion annually by 2021. Anyone can witness the real-time bombardment of cyber assaults on maps like Norse. It’s alarming – and it’s getting worse, day after day.
There’s seemingly nothing to be done – or is there?
Here are three ways to combat cybercrime:
1. Throw more talent and technology at the problem: As cybercrime escalates, so should enterprises’ response. One common solution: Do more of everything. Cybersecurity spending will skyrocket to $1 trillion by 2021, as companies hire top talent, including elite white-hat teams that hack their own companies’ networks, and invest in technology systems like security information and event management (SIEM) systems to monitor networks edge to edge. The goal: To get smarter about finding the proverbial needle in the haystack.
But is it working? We’ve seen account after account of cyber breaches caused by human error, such as failure to patch systems on a timely basis or turning off the torrent of alerts generated by SIEM. Then there are massive hardware issues that catch us by surprise, such as Intel’s revelation that its chips were affected by the Spectre and Meltdown vulnerabilities. And now we’re seeing a rise in fileless attacks, which lower the barrier to entry and bypass security systems more effectively than malicious executable files. There’s simply no guarantee that crackerjack talent or shiny toys with new bells and whistles can meet the latest generation of threats. The cracks are already showing.
2. Improve cyber governance: To fight cyber war, you don’t need a gun or bullets: You need a strategy, a plan, and guidance from war-savvy generals who are leading the battle from the front. This requires the cooperation of the entire C-suite. If CEOs aren’t aware of the need for cyber governance – and they should be – security leaders need to close the gap and elevate cyber risk to the board level.
There are many ways to describe cyber governance. Here’s a simple one: Cyber governance is the creation and application of methodologies, rules, programs and policies applied holistically across the enterprise to assess and manage cyber risk.
The Intellicta platform fast-tracks the activation of cyber governance with its risk framework and helps the non-technical executives in the C-suite get up to speed. This is not just another toy – Intellicta is a risk dashboard that layers over your other systems, business processes, regulations, and more to give you a holistic look at risk, security, compliance and governance. It analyzes risks and vulnerabilities, assigns them a score, and gives them a price tag. Imagine knowing at one glance that ransomware is a $10M threat, an end-of-life system is creating a $30M exposure, or password-based logins are creating a $250M risk. Wouldn’t that help guide your thinking? Wouldn’t that shape your strategy, investments, and roadmap?
While investing in good cyber governance takes time, talent, and yes, investment, there is no time to waste. Cybercriminals are getting smarter, and you need to fight an air battle, not a ground war.
3. Get control over AI: AI is heralded as the shiny new savior of cyber security. Leverage analytics, automate processes, use machine learning to get smarter and smarter, and poof – cyber risks be gone.
But let’s not kid ourselves. The bad guys already have access to AI technologies and the gargantuan amounts of data required to wreak havoc on AI routines.
Those of us in cyber security know AI is a big boon to our industry, especially when it can make intelligent defense decisions on humans’ behalf, but it is not our salvation. Here’s why.
AI is already being used for analytics, but it must be taught to get smart on various use cases and ignore false positives, which takes time. As we’re deploying it on processes, gaining more expertise, and extending it across use cases, cybercriminals are, too. It’s not that farfetched to imagine real-time wargaming with enterprises’ best talent using AI to identify and eliminate cyber attacks that cybercriminals have identified, designed, and launched with AI.
When it comes to that level of hand-to-hand combat, you are going to wish you had risen above. You are going to need a framework and a platform to have eyes on the skies on all your threats and deploy your best talent and technology on the most important ones. You are going to have to make critical decisions and triage. Not every risk is worth fighting, but the important ones demand everything you’ve got.
So why not start now? Contact TechDemocracy to learn more about cyber risk governance and Intellicta, our real-time enterprise risk intelligence and assurance platform.
Cyber risk is a war – build your war machine today.