Today’s corporations, and nations for that matter, are caught between the hammer and the anvil. One side they face mounting economic and financial pressures. In order to stay solvent, companies must bring in revenue and are doing so through various means. Some of these methods of turning a profit involves possibly exposing themselves to threats. On the other side of the equation, is the need to protect themselves from cyberattacks. Since there is no standard method of attack, companies must be ever vigilant for any and all threats. This means that the company is in a position of continuous struggle.
Businesses need revenue to continue to exist, this is a fact of life for companies. However, businesses today are pushing the envelope when it comes to customer engagement and creating different avenues for customers to purchase their products or services. This increases exposure and multiplies the possible vectors of attack for cybercriminals. On top of this, cybersecurity is not a revenue generating part of the business. In fact, it consumes resources so it is not generally looked highly upon, but to dismiss its importance would be to court disaster. The future may rely on redefining the relationship between cybersecurity and its role in the company.
The first step is not to focus on the solution, the cybersecurity measure, but rather the problem, the various ways that companies are being exposed. There are the traditional ways; phishing, outright hacking, malevolent employees and pure ignorance. However, as companies seek different avenues of engagement so to are they opening themselves to new avenues of attack. Take the supply chain for example. What used to be a paper and phone call process has now become more integrated. Now supply and distribution are almost exclusively dealt with and processed online. Using this network a cybercriminal doesn’t need to attack a company directly. They can just piggy-back on the communications and data being transmitted between the various companies up and down the supply chain.
In this technologically fueled age, companies are being forced to take their business online lest they lose customers and revenue. The amount of company data being digitized and being uploaded online into the cloud has been increasing at an exponential rate. Which means that for hackers and cybercriminals, the pot is getting sweeter daily. On top of this, companies are being pressured to become more transparent, to be more open to both their customers and regulators. This is all well and good, but doing so will require them to shed layers of security which previously insulated their data.
Then there’s the attackers themselves. These are not you oldschool burglars in masks, skulking around in the dark. The modern malevolent cybercriminals is highly sophisticated, highly trained and likely very educated. They can strike from nearly anywhere in the planet at any given time. While brute force system penetrations are in their repertoire it is not their sole weapon. In fact, today’s hackers are increasingly relying on tactics which exploit human behavioral flaws rather than technological shortcomings.
In light of this, what is a company-of-today to do? The answer is to look at the issue of cybersecurity as part of a revenue generating business, rather than viewing it as a money sink. Yes, investments need be made, resources allocated and money spent wisely on security solutions. But it must be understood that in doing so, that business and the company will be better off for it. There is a growing trend of CEO’s who are choosing to play a more active role in the company’s cybersecurity. CEO’s whose task within the company is usually to forge ahead and continuously seek to grow the company by any means necessary, are now willing to take a step back and rather than focus on solely developing new business and seeking new money they are looking to retain business and protect the money in the bank.
The result of actions like this have begun to trickle down, and the outlook is good. Companies have begun the arduous task of classifying their data so that protection can be more easily prioritized. While the patching and updating of technological vulnerabilities is still on the table (and will never likely leave), there is a new focus on ensuring the safety of critical business processes (e.g. credit card transactions and data).
Striking the delicate balance between cybersecurity and the ever present need to grow a company is a difficult battle to fight, but it is not only a worthy battle but an essential one. In order for a company to face the years and decades ahead in relative safety, they must be willing to adapt to change. And they must be willing to do so as fast as possible, for the sake of their customers, their data, their profits and their very livelihood.
