Cybersecurity is a team sport
Over the last few years, we have seen an unprecedented increase in the damages caused by cyber attacks. This is despite a large effort in research and development on the matter. With digitalization transforming our industries, we need to improve our game on industrial cybersecurity – we need to tackle it as a team sport.
The nature of Cyber Attacks has changed in quantity and quality
The year 2017 was a game changer for cybersecurity. Several well-known attacks finally brought cybersecurity into the headlines and underscored that cyberattacks today are a fact of life. A look at the financial dimension makes this clear: Damages are estimated at more than 500 bn EUR in 2017. However, the loss in reputation caused by WannaCry, NotPetya or the Equifax breach might be far higher.
But it is not only the quantity of attacks that has changed. They also have a different quality. This is driven by two fundamental changes:
(1) The ever-growing connectivity of devices beyond traditional IT networks – commonly termed Internet of Things (IoT) – and
(2) a professionalization of attacks. Based on an emerging ecosystem around exploits and hacking tools, threat actors are increasingly working together.
Traditional approaches have not led to satisfying solutions
While the best experts in various organizations are working on the matter, damages from cyber attacks are only increasing, eventually reaching the industrial sector. And even though it is increasingly clear to top management that cybersecurity is becoming a strategic priority, the answers needed to solve this matter are still missing:
(1) How can we counter the ever-increasing threat landscape?
(2) How do we need to change our processes?
(3) What is needed from an organizational / mindset perspective?
(4) Which technologies can help going forward?
(5) How do we guarantee a good level of trust?
This quest for answers needs to be executed on a political, private and societal level.
Though various players have been conducting research on this matter for several years, even decades, finding answers remains a challenge. We are still missing a recipe, let alone a cookbook, for cybersecurity in industrial contexts.
The core question is: what are the standards and recommendations that can help us secure our digital future?
We need to rethink how we tackle Cybersecurity
Since cyberattacks have changed in quantity AND quality, I think we have to react accordingly. Not just in quantity (i.e., hours invested, experts involved), but also in quality. First and foremost: we need to collaborate beyond our own organizational boundaries.
To do so, we need to rethink organizational boundaries. In the cyber world, boundaries are vanishing. However, we still tend to work within the boundaries of our organizations. And yes, working together beyond our own organizational boundaries is difficult. We have to overcome organizational inertia and navigate a legal framework that itself wasn’t built for this purpose.
But if we share the same purpose of securing our digital journey, and find a common language, we do have a chance. The language we should speak is that of actually implementable solutions. And the ways we work together should go beyond exchanging threat intelligence – by collaborating on an operational level. We need to involve others or at least help them understand.
This is exactly what 16 organizations, the leaders in their respective fields, are doing in the Charter of Trust. Not only did all of them commit, via their CEOs, to ten principles on cybersecurity; building on the notion that collaboration is key, they also bring their best experts to the table. These leading organizations started to form a team that brings the motivation, the skills and the perseverance to engage in this challenge together, and find solutions for the most difficult issues in cybersecurity.
Cybersecurity should be a team sport
So just like in sports, we need to form a team in cybersecurity. It might be difficult, but worth the investment – after all, teams in sport prove that 1+1 can be more than two; they remind us that for a good team you need various skills and personalities; it’s easier for a team to gain fans and followers; and finally: it might as well simply be more fun!