Continuous cyber-attacks represent a growing concern in our business and personal lives. Countering the increasing number of assaults and their ever-growing complexity is no easy call. In fact I recently shared my view on this topic with the Financial Times in a Letter to the Editor entitled “Unite against the cybercriminals”.
History has shown us that no matter what you do to secure your place – house, castle, town or even a full country – there is always a way around by those who seriously seek to harm and who will eventually find and exploit.
Why is this? Simply put: it’s the economy, stupid! Or, better, the money to be gained quickly and apparently with not much effort. Indeed, consider one simple fact: the value brought to the Internet is growing exponentially, and the Internet economy – now larger than that of Spain – surpasses global industry sectors such as agriculture and energy. The Internet is pushing a significant portion of economic growth.
A recent report by McKinsey has for the first time tried to measure the impact of the net economy on the GDP of the G8 countries, plus the BRIC countries (Brazil, Russia, India and China). Findings tell us that in the global Net’s growing ecosystem of suppliers, U.S. companies play leading roles in key sectors, while China and India rank among the fast-growing players in the Internet’s global supply chain. It is companies in more traditional industries, however, that capture 75% of the benefits.
Therefore, the stake is huge, and no wonder many are keen to consider cyber criminality a viable option, especially in a situation of legislative uncertainty, and patchy levels of maturity and understanding of the problem at a national, corporate and personal level.
The outlook? Expect yet bigger numbers of attacks going forward. Threats will not go away. We have invented a (brave) new world, and there’s no easy exit option available. Therefore, we have to learn to deal with the problem; which, incidentally, has so far been considered largely a technical one. Only now, after we suffered some 56 million attacks in 2010, are we starting to realise that eliminating threats is impossible, so protecting against them without disrupting business innovation and growth is a top management issue.
I believe that the recent attacks of Stuxnet and Duqu – which have given rise to so much buzz, but we know that newspapers must sell … – are nothing special, as they represent yet another alarming epiphany of (criminal) BaU: business-as-usual.
Cybersecurity – the protection of valuable intellectual property and business information in digital form against theft and misuse – should increasingly be viewed as a critical management issue: CEO’s and other senior executives should consider their priority to protect critical business information without constraining innovation and growth. Hence, the need for a business-driven cybersecurity model that indeed deserves being elevated to the honours and responsibility of a permanent component of any enterprise’s strategy.
