In your opinion, what is the top cybersecurity concern the world will face in the following decade?
The obvious concerns, DDoS/Virus/Trojan/etc., become more sophisticated but remain concerns nonetheless. However, I believe one of the biggest concerns in the coming years is failure from the c-suite to “invest in sufficient cybersecurity.” Technology is perpetually growing, as is the amount of e-waste that is created. What the c-suite sees is money being wasted. “If it ain’t broke…” is likely their mission statement. The problem is that if the cybersecurity program is good at what they do, it is hard to show a need for more investment in the program because the results are “no attacks today and everything is working” and that’s it. But the reason everything is working is because the program is working. If the program is hamstrung by stagnation or lack of investment, the threats become more probable. Cybersecurity was once described to me like this: Cybersecurity is like castle walls, royals are the c-suite, and the people are its data. So long as the data isn’t harmed, the royals see no need in building a taller wall. But what they don’t see is the invading army building taller ladders. The defenders on the wall see the threats as they are on the frontlines, but the royals don’t, nor do the people.
After reading the KPMG report, which of the five mistakes do you think is more common in an organization/business of your choice? Which of the three options would be more challenging in taking action (risk assessment, changing organizational culture or determining budget)?
What I have to go with is anecdotal, but from my time in the military, recruitment/hiring of the best professionals is one of their biggest faults. They constantly try to find the best, not realizing or taking for granted that they can literally create some of the best; talent comes from all walks of life. Fostering an environment for growth is just as much a leader’s responsibility as it is the responsibility of the learner. The military loses so much talent due to poor/toxic leadership. Then they try to replace those positions with someone equally qualified vice bringing someone up to fulfill that role. When trying to hire contractors, they usually go through a company that also looks only for the best and brightest, but the compensation is not nearly as lucrative as a private sector job, so the military will get the cream of the crop of those that want to be part of that crop and not necessarily the best of the best. Again, this is purely from my POV while I served. Actual results may vary.
https://assets.kpmg/content/dam/kpmg/pdf/2014/05/cyber-security-not-just-technology.pdf
Where should the power and responsibility of national governments begin and end in cyberspace? Where does the responsibility of private firms begin and end in cybersecurity?
I believe each nation should have the power to protect its domains and citizens from enemies both foreign and domestic. Classically, air, land, sea, and space were the domains that our nation sought control over to maintain an edge on adversaries. In 2004, the Joint Chiefs of Staff introduced Cyberspace as a domain to operate within. With that addition by the JCS, it then became the government’s responsibility to maintain and protect it with the same vigor as the other domains. And while our nation has its allies, we should not solely rely on them to tend to the national security gaps of our domains. We work together but must first focus on protecting our interests.
Most businesses are charged with turning a profit. Should the consumer lose trust in the business, they will fail. Therefore, private firms must begin by working within the established guidelines and standards to ensure compliance. Their responsibility ends at the security of the data they handle, securing it in as financial a way as possible.
As an aside, the BBC wrote an article on the US that appears to be part economical, part cybersecurity. It seems like a strategy that limits competitors’ and threats’ access to our emerging/advanced tech to keep it from being copied/stolen/compromised.
https://www.bbc.com/news/62803224
In your opinion, what are the benefits of looking at cybersecurity from an economics perspective?
The economic benefits of cybersecurity are immense, as it has created numerous jobs for the protection of end users and organizations. Additionally, the advancements made in research and development to prevent data from getting in the wrong hands are ever increasing. The industry itself is continually growing because of our reliance on the internet and everything related and connected to it. In 2020, when the world went into work-from-home mode, it forced companies to rethink their approach to cybersecurity; people had the protection of their organization’s IT department within their building, so they let their guard down when they started working from home. This newfound perspective led to an increase in cybersecurity positions, an increase that will continue to rise as the bad actors continue to attack networks. So long as there is a network (from LAN-WAN), there will always be a need to pay for its security.
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3568830
https://www.forbes.com/advisor/education/cyber-security-salary-outlook/