Pages

31 July 2020

What History’s Greatest Minds Can Teach Us About Modern Cyber Risk Management

Nicholas Shevelyov
Source Link

When Covid-19 exploded around the world several months ago, most corporate-sector employees who were able to keep their jobs started working from home. Before the pandemic, the average corporate citizen would do most of their work in the office; in some cases, they would occasionally work remotely from a virtual private network (VPN). Now, however, much of the workforce is logging into work using their home routers. 

This has significantly changed the cyber threat profile for many organizations. As more of the population works from home on an extended basis, individuals’ home networks become bigger points of compromise for cybercriminals to target entire corporations. Many remote workers are sharing WiFi networks with their families or roommates; this comingling of the digital pipe can lead to an even greater number and breadth of exposures.

Martin Luther King Jr. famously said, “When evil men plot, good men must plan.” Because bad actors are always adapting to new opportunities, organizations must constantly plan ahead. Planning, then, must be conceived and practiced as an ongoing exercise. 


Because the future is unknown, and black swan events are always on the horizon, quick and nimble planning often matters more than the actual plan itself. As Dwight D. Eisenhower, Supreme Commander of the Allied invasion of Germany, said, “Plans are worthless, but planning is everything.” 

Dynamic Strategy 

Bill Belichick, the most successful coach in modern NFL history, learned from one of the greatest strategists in military history, Sun Tzu. Following the dynamic strategy outlined in The Art of War, Belichick creates a different game plan for each individual opponent, playing to their unique strengths and weaknesses. 

Belichick’s dynamic strategy has been so successful because it’s able to evolve with each season’s roster. “You can't win a war by digging a hole,” Belichick told NFL Network's Rich Eisen in 2019. “You gotta attack. You have to figure out where you want to attack, how you want to attack, and that changes week to week and game to game."

Sun Tzu said, “Every battle is won before it is fought” – a quote that was posted in the New England Patriots’ locker room. The idea that detailed and adaptive planning is not just half but perhaps all of the battle has served the team well. So exceptionally well, in fact, that we can apply this philosophy to winning battles off the football field, including in the realm of cybersecurity.

Adaptive Mindset

The French writer François Jullien spent most of his life living in China. His first-hand understanding of how Eastern and Western cultures take different approaches to solve the same problem is the foundation of his work, A Treatise on Efficacy. A truly global view of efficacy might be seen as striking a balance between having the structured discipline of a clearly-defined plan while being open to the opportunity for creative improvisation.

For example, one of the great strategic games of the West is chess. You have the board, the set of pieces and the rules for how to play. There's an opening, a middle game and an end game, and the strategy is relatively fixed. In the East, however, the more popular game is Go, in which you slowly, more abstractly circle your opponent. 

The ability to understand and adopt different mindsets is particularly relevant now, as we're living in such an unprecedented time. Collaborating with people who have fought through other earlier unprecedented catastrophes helps formulate a viable plan for today’s world. Understanding that we live in a global, digital economy, where someone sitting in another country can target your employees and therefore your entire organization, is the first step in formulating the layers of your digital defense.

Attack Vectors

Organizations need to clearly understand how their threat profile has changed since the onset of Covid-19, then ask, “How do we shift and evolve our risk posture?” MITRE is an excellent nonprofit resource for mapping the different attack vectors that can be used against an organization – as well as which threats may be more pronounced than others – at any given time. The U.S. government-backed National Institute of Standards and Technology has a set of critical security controls to help defend against these threats. 

Risk And Incentive

Charlie Munger, adviser to Warren Buffett, one of the most successful investors in history, said, “Show me the incentives and I will show you the outcome.” Human incentive drives so much of human behavior. This is why organizations in highly-regulated industries that are incentivized to build their digital defenses were better prepared for the pandemic. 

Organizations in unregulated industries that have the choice to make a sale over investing in cybersecurity protections will almost always lean toward profit. Now, with the financial constraints that come with an economic shock, a perfect storm has developed, putting those organizations at most risk.

Crisis And Opportunity

These organizations should use the Covid-19 crisis as an opportunity to accelerate their digital transformation. Cloud adoption is not only cost-saving; it's a more secure way of doing business. Organizations that are under increased financial constraints can help themselves by doubling down on engineering cloud solutions, many of which are much more effective at defending against cyber threats.

Organizations should always ask the question, “How do we leverage crises to digitally transform and secure ourselves more effectively?” Adoption of cloud-native digital solutions that effectively protect organizations from cybercriminals might be one of the most valuable accelerators to come out of this pandemic.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?

No comments:

Post a Comment