Winter 2020 Issue
Ilia Kolochenko, CEO of High-Tech Bridge (now ImmuniWeb), an award-winning cyber security company, said “Something is very wrong with cyber security”. One challenge with cyber security today is that many organizations believe it’s only about the technology. In reality much more is involved; consideration of the human and process, management and governance elements are often missed by senior leadership. Cyber Safety Culture is essential to fill this gap.
The cyber security industry is in need of a major re-think. Billions are spent on thousands of technology products while criminals continue to profit from cyber-attacks. Equifax and Capital One are just two dismaying examples. Why do security breaches of private customer data like this continue given the resources that large companies have to combat cyberattacks? Is it just the cost-benefit analysis? Some suggest that it is cheaper to pay for the effects of a breach than to prevent one. This is not a legitimate perspective when it comes to our identifiable confidential data.
A quick Google search generates some very concerning statistics indicating two sectors of the cyber economy that are doing very well. One is cyber security products and the other is hackers. Worldwide spending on cybersecurity is estimated to top $1 trillion for the five-year period from 2017 to 2021, according to Cybersecurity Ventures (Herjavec Group). Gartner estimated $93 billion for 2018 and predicts 12%-15% annual cyber market growth. As early as 2013, the Europol Serious and Organized Threat Assessment reported that cybercrime was more profitable than the illegal drug trade globally. Barracuda reported that in 2016 one unknown ransomware actor made $94 million in profit. Cybercriminals could be raking in profits up to 20 times greater than the cost of their attacks, according to 2014 figures compiled by Kaspersky Lab experts. They compared the cost of the most frequently used hacker tools with the money stolen in a successful malicious operation.
How is it possible that losses are getting bigger in spite of the billions devoted to cyber security products? Why do the risk and exposure continue to increase? A likely explanation is the Innovation-Adoption Life Cycle, which describes four phases typically experienced by innovation adaptors: the “Technology Trigger”, the “Trough of Disillusionment”, the “Slope of Enlightenment”, and the “Plateau of Productivity”. The dismal results in defending cybercrime mean that innovators, who had the courage and foresight to jump into cyber security as early adaptors, are currently experiencing the “Trough of Disillusionment”.
We can extrapolate this to explain the general consternation in the market worldwide. The chart below, based on the adaptation of the Technology Adoption Curve in Geoffrey Moore’s book Crossing the Chasm, was published by Christopher Burke in Quora in July 2014. It clearly illustrates where we are in the Cyber Security marketplace:
Why are we stuck in this chasm? There are several factors contributing to this predicament:
Something has to Change, Right?
The good news is that there is a growing awareness of the risk among corporate leaders. Cyber risk was ranked number two of all risks by CEOs in the KPMG 2018 Global CEO Outlook. Some experts believe the former dismal outlook is improving slightly as companies are waking up to the likelihood of an attack.
It’s possible that we could be looking at cyber security the wrong way, and many organizations’ focus on building higher and stronger walls is only one piece of the puzzle. It’s time to think differently about cyber security.
Safety Culture Works
Our research has found common examples of safety culture in several industries. We can learn from them and apply them to transition to a Cyber Safety Culture.
As early as 2012, it was identified by the Australian DOD Cyber Security Operations Centre that 85% of cybercrime could be mitigated from what are called the cyber security “hygiene” factors. Bad hygiene includes sloppy password protection, inaccurate counts of computer assets and poor patch control. Countering these behaviours is very effective and relatively simple. Would you agree this is an astonishing number given the current focus on expensive complex technology solutions?
A colleague told me a story about hospitals in Australia trying to combat the spread of the flu by educating the public using detailed rational scientific explanations about viruses. Nothing happened. So, they gave up on that and launched a “Wash Your Hands” campaign and infection rates plummeted. This is now ingrained in our habits and culture. It is simple, straightforward, cost effective and it works. This demonstrates the power of culture change – the same concept that we need to combat cybercrime.
This story inspired me to promote Cyber Safety Culture. I believe Cyber Safety Culture is the missing link in our current approach and is the fundamental change required to combat cybercrime more effectively. And we have to build it collaboratively everywhere – not just in North America but around the world.
Creating a Cyber Safety Culture
In a nutshell:
The market needs leaders who will use this new approach, leaders who know the status quo is not an option. Here’s what you must do:
In short, leaders need to create a Cyber Safety Culture.
A part 2 of this series on cybersecurity, focusing on implementation of a Cyber Safety Culture, will be published in an upcoming issue of Consult.
Janet Cloud is Co-Founder and COO of Smashblock, a high-tech startup. She is a board director and accomplished senior technology and operations executive with global experience in medium to large companies. She was VP Operations & Technology at Advantage Group International, where she delivered digital products world-wide. She spent 10 years as EVP at TNS Canada/TNS U.S. (TNS Global) running Operations, Technology and transformational cross-border initiatives. With broad experience in banking, securities, consulting, B2B relationship management, market research, technology and digital products, Janet has transformed global organizations by inspiring high-performance teams executing digital innovation. For more information, visit: www.smashblock.com