
Game of Unknowns? What history can teach us about cyber security

The language of cybersecurity is akin to warfare. Companies are frequently ‘under siege’, attacks are ‘thwarted’ and ‘havoc is wreaked’. And, to be fair, the seriousness of an attack cannot be overstated – even recently, we have seen evidence of what can only be described as ‘company killing’ events, which have crippled businesses.

The numbers are indeed worrying. The Hiscox Cyber Readiness Report 2019, which surveys cybersecurity professionals in the UK, US, Belgium, France, Germany and Spain, found that 61% of European and US businesses reported a cyber security attack in the last year, compared to 45% from the previous year. And like traditional warfare, attackers have had specific strategic objectives – some as straightforward as direct financial gain or the theft of intellectual property, others less clear, like widespread disruption that shuts down operations.

Pleasingly, cybersecurity has improved a great deal and many businesses have robust systems in place to prevent the impact of the huge cyberattacks we became familiar with in the noughties (such as Code Red or Slammer), but that’s not to say we’re home and dry by any stretch of the imagination. This kind of ‘ransomware’ attack (where criminals will quite literally hold a company to ransom by denying it access to its own systems) is rapidly on the increase and can immobilise pretty much any business in operation today – both directly and indirectly.

Like all battlefields, the world of modern business is built on risk

However, like all battlefields, the world of modern business is built on risk and understands that balancing exposure to it with the benefits gained can be necessary. Attention to cyber-security at every level is simply the price we collectively pay for the superb efficiencies we gain through digitisation, and the active survival of an organisation is something that we can – and must – all take responsibility for. This may sound like a complex endeavour, but the same principles that will keep your business safe today could have come straight out of Game of Thrones:

‘The enemy of my enemy is my friend’

Criminals have great impetus for innovation; they are fast and responsive. When we collaborate against cybercrime and reach out across organisations to pool learnings from attacks, we will make faster progress in discovering new defences. A great example of this is Norsk Hydro: when they fell victim to a breach, they invited the BBC to document how they outsmarted the attackers, giving a global platform to their knowledge.

"The price of greatness is responsibility"

Everyone has a part to play – even those who are not strictly part of your organisation. A cultural shift of accountability across partners and your supply chain is absolutely essential to address any potential weaknesses in the collective IT ecosystem. For example, it might be shocking to learn that many firms may have a single admin password for all desktops and laptops, a practice that can let malware spread like wildfire inside the company.

"To be prepared for war is one of the most effectual means of preserving peace."

Nothing is safe from vulnerability and taking a complete view of the risk is essential to understanding where change is required. This is not simply about having a plan for if the worst happens. It means attending proactively to the day-to-day cyber hygiene of an organisation and thinking beyond data storage to the less-considered elements of your security, such as poor security practice in your teams or even a slapdash approach to disposing of printed matter. Look after your health and it will look after you.

In short, everyone at every level needs to play their part in understanding the issues, keeping the organisation safe and being accountable for their actions. It’s not news, but history has proven that it’s a strategy that works.

Written by Quentyn Taylor