Cybersecurity is a team sport

Over the last years, we have seen an unprecedented increase in the damages caused by cyber attacks. This is contrary to a large effort in Research and Development on the matter. With Digitalization transforming our industries, we need to improve our game on Cybersecurity – we need to tackle it as a team sport.

The nature of Cyber Attacks has changed in quantity and quality

The year of 2017 was a game changer for Cybersecurity. Several well-known attacks finally brought Cybersecurity into the headlines and underpinned, that Cyberattacks today are a fact of life. A look at the financial dimension makes this clear: Damages are estimated to more than 500 bn EUR in 2017. However, the loss in reputation caused by Wannacry, NonPetya or the Equifax breach might be far higher.

But it is not only the quantity of attacks that have changed. They also have a different quality. This is driven by two fundamental changes: (1) The ever-growing connectivity of devices beyond traditional IT networks – commonly termed Internet of Things (IoT) – and (2) a professionalization of attacks. Based on an emerging ecosystem around exploits and hacking tools, threat actors are increasingly working together.

Traditional approaches have not lead to satisfying solutions

While the best experts in various organizations are working on the matter, damages through Cybersecurity are only increasing, eventually reaching the industrial sector. And even though, it is increasingly clear to top management that Cybersecurity is becoming a strategic priority, the answers towards solving this matter still go missing: How can we counter the ever-increasing threat landscape? How do we need to change our processes? What is needed from an organizational / mindset perspective? Which technologies can help going forward? How do we guarantee a good level of trust? This quest for answers is to be found on a political, private and societal level.

Though various players have been researching on this matter for several years, even decades, finding answers remains a challenge. We are still missing a recipe, let alone a cook book for Cybersecurity in industrial contexts.

The core question is: what are the requirements and recommendations, which can help us secure our digital future?

We need to rethink how we tackle Cybersecurity

Since cyberattacks have changed in quantity AND quality, I think we have to react similarly. Not just in quantity (i.e., hours invested, experts involved) but also in quality. First and foremost: we need to exchange beyond our own organizational boundaries.

To do so, we need to rethink organizational boundaries. In the cyber world, boundaries are vanishing. Yet, we tend to still work in the boundaries of our organizations. And yes, working together beyond our own organizational boundaries is difficult. We have to overcome organizational inertia, navigating a legal framework that itself wasn’t build for this purpose.

But if we share the same purpose of securing our digital journey and find a common language, we do have a chance. The language we should speak is that of actually implementable solutions. And the ways we work together should go beyond exchanging threat intelligence – by also collaborating on an operational level. We need to involve others or at a minimum help them understand.

This is exactly what 16 organizations that lead in their respective field are doing in the Charter of Trust. Not only, did all of them commit to ten principles on Cybersercurity via their CEOs. Building on the notion that collaboration is key, they also bring their best experts to the table. They started to form a team that brings the motivation, the skills and the perseverance to engage in this challenge together and answer the most difficult questions on Cybersecurity.

Cybersecurity should be a team sport

So just like in sports, we need to form a team in Cybersecurity. It might be difficult, but worth the invest – after all, teams in sport prove that 1+1 can be more than two; they remind us, that for a good team, you need various skills and personalities; it is easier for a team to gain fans and followers; and finally: it might as well simply be more fun!

Find more of my topics on linkedin - www.linkedin.com/in/kai-michael-hermsen-6b4b9021.
For details on the Charter of Trust look here: www.charteroftrust.com