The New Rules Of Cybersecurity

The man who built the U.S. Army’s cyber command says online threats are going get worse before they get better. But that doesn’t mean leaders are powerless. Here's how to protect your information and leave no data behind.

The man who built the U.S. Army’s cyber command says online threats are going get worse before they get better. But that doesn’t mean leaders are powerless. To win, focus on your culture and your people to create a sense of urgency to protect what you value and ensure you’re ready for the threats focused on you. Some hard-learned lessons from the war for cyberspace.

My 37-year career in the U.S. Army spanned the digital revolution we continue to experience today. From being assigned to the Army’s first digitized division to leading the army’s human resources command during a time of war, to creating, in 2010, a global command with 17,000 cyber professionals charged to not only conduct defensive operations, but when directed, to be able to do offensive operations, I witnessed and helped lead the transformation of our military into a new age.

Over that time, the ability of cyber threats to try to take advantage or limit America’s ability to conduct uninterrupted operations—both militarily, and commercially—increased dramatically. Yet, until recently, many leaders assumed that, despite the occasional interruption, these adversaries would not have the ability to seriously interrupt operations. We took our freedom to operate in cyberspace for granted. That assumption is no longer true. There is a growing threat from sophisticated cybercriminal networks and individual actors that might have a political cause or something that they want to try to impact through cyberspace. Most significant are the growing cyberthreats from nation-state actors—especially Russia, China, Iran and North Korea—that have the potential to commit not only cybercrime or espionage, but launch disruptive and potentially destructive attacks.

Iran’s capability, in particular, has grown significantly from a 2012 attack on the U.S. financial sector. Iran is no longer only taking a disruptive approach; it now has destructive capability as well. North Korea has also demonstrated a growing ability to successfully target institutions around the world. America’s sophisticated, networked critical infrastructure—our financial institutions, our electrical grid, our telecommunications sector—also make the U.S. potentially vulnerable to nation-states as well as cyber-terrorists who have a clear intent to do us harm, but only lack capability for the time being.

“YOU WILL NEVER ELIMINATE ALL RISKS BUT YOU CAN FOCUS ON WHAT
MATTERS MOST TO REDUCE RISK.”

Our ability to operate in cyberspace from now on will be predicated on our ability to defend and conduct appropriate cybersecurity—if we expect military operations to continue, or we expect businesses to bring the value that we intend.

Cybercrime Will Continue to Explode
The bad news is that it is going to get worse before it gets better. Cybercrime is going to explode as an industry. In addition to today’s sophisticated cybercriminal networks, technology is converging to the point where any individual can easily take advantage of tools to do something to others that would put them at risk. Almost half of all breaches result from criminal or malicious attacks already, and as the tools to commit cybercrime become easier for individuals to use, it will create an increased number of new opportunists seeking new markets and new partners, creating more threats across the world.

The Internet of Things (IoT) in particular brings increased opportunity for cybercriminals. IHS forecasts that the number of IoT devices will grow from 15.4 billion devices in 2015 to 30.7 billion devices in 2020 and 75.4 billion in 2025.

It is already relatively simple for even unsophisticated adversaries to take control of IoT devices and harness their computing power as part of a botnet, significantly increasing their ability to disrupt a company’s online operations by flooding its network with data in a denial of service attack. But the growth of IoT also dramatically increases the threat of direct penetration of corporate networks, especially through supply chains and third-party relationships.

As IoT and frictionless machine-to-machine data flow becomes ubiquitous, corporate leaders will see their cyber risks grow substantially. Where is all that data from all those IoT devices going? Who has access to the data in your company? Are those vendors and customers doing enough to secure their networks? These are the questions that will keep CEOs up at night and requires attention now.

Healthcare is a good example. The $28 billion global market for electronic medical records is expected to surpass $36 billion by 2021, according to Kalorama Information. All this sensitive personal information is a rich target for cybercriminals, and the number of IoT devices, including wearables and implants, is making it ever more vulnerable.


MORE LIKE THIS

  • Get the CEO Briefing

    Sign up today to get weekly access to the latest issues affecting CEOs in every industry
  • upcoming events

    Roundtable

    Strategic Planning Workshop

    1:00 - 5:00 pm

    Over 70% of Executives Surveyed Agree: Many Strategic Planning Efforts Lack Systematic Approach Tips for Enhancing Your Strategic Planning Process

    Executives expressed frustration with their current strategic planning process. Issues include:

    1. Lack of systematic approach (70%)
    2. Laundry lists without prioritization (68%)
    3. Decisions based on personalities rather than facts and information (65%)

     

    Steve Rutan and Denise Harrison have put together an afternoon workshop that will provide the tools you need to address these concerns.  They have worked with hundreds of executives to develop a systematic approach that will enable your team to make better decisions during strategic planning.  Steve and Denise will walk you through exercises for prioritizing your lists and steps that will reset and reinvigorate your process.  This will be a hands-on workshop that will enable you to think about your business as you use the tools that are being presented.  If you are ready for a Strategic Planning tune-up, select this workshop in your registration form.  The additional fee of $695 will be added to your total.

    To sign up, select this option in your registration form. Additional fee of $695 will be added to your total.

    New York, NY: ​​​Chief Executive's Corporate Citizenship Awards 2017

    Women in Leadership Seminar and Peer Discussion

    2:00 - 5:00 pm

    Female leaders face the same issues all leaders do, but they often face additional challenges too. In this peer session, we will facilitate a discussion of best practices and how to overcome common barriers to help women leaders be more effective within and outside their organizations. 

    Limited space available.

    To sign up, select this option in your registration form. Additional fee of $495 will be added to your total.

    Golf Outing

    10:30 - 5:00 pm
    General’s Retreat at Hermitage Golf Course
    Sponsored by UBS

    General’s Retreat, built in 1986 with architect Gary Roger Baird, has been voted the “Best Golf Course in Nashville” and is a “must play” when visiting the Nashville, Tennessee area. With the beautiful setting along the Cumberland River, golfers of all capabilities will thoroughly enjoy the golf, scenery and hospitality.

    The golf outing fee includes transportation to and from the hotel, greens/cart fees, use of practice facilities, and boxed lunch. The bus will leave the hotel at 10:30 am for a noon shotgun start and return to the hotel after the cocktail reception following the completion of the round.

    To sign up, select this option in your registration form. Additional fee of $295 will be added to your total.