During the 365 days of 2017, the odds of you being struck by lightning were one in 960,000. Dating a millionaire? One in 220. In the span of that same year, your odds of experiencing a data breach were a bit better than one in four – 28 per cent.
I am not talking about experiencing a cyber attack. If you are online, you are under attack almost continuously. However, a breach is a cyber attack that succeeds in penetrating your perimeter defences — your anti-malware software and firewalls. Once inside your network, an attacker can vandalise, manipulate, steal or lock up data and demand a ransom to unlock it.
If a 28 per cent chance of something bad happening to you sounds frightening, you are not scared enough. The one in four odds apply to the year 2017, not to a five or ten-year period, let alone a lifetime. This means that, in the fullness of time, your network will be breached. It’s inevitable.
Cyber attack is a daily certainty, so a good perimeter defence is necessary. But it is not sufficient. In the Middle Ages, cities surrounded themselves with walls. Walls provided protection from the casual invader, but not the truly determined one. President Obama’s secretary of Homeland Security Janet Napolitano once scoffed at the idea of a border wall by saying, “Show me a 50-foot wall and I’ll show you a 51-foot ladder.” No wonder that, by the Renaissance, most cities were giving up on walls. Not only did they fail to defend against the most dangerous invaders, they impeded commerce with the rest of the world. Who could afford that?
Medieval towns were all about walling off and hunkering down. Renaissance cities were all about connecting and doing business. For their defence, leaders like the Medici family relied on armies, not walls. They accepted the inevitability of attack and so they prepared not only to fight back, but to prevail. In the meantime, the openness of Florence, the seat of Medici power, made it a vibrant centre of art, culture, banking and all manner of mercantile business.
The difference between a walled Medieval hamlet and an open commercial cultural centre like Renaissance Florence is the difference between ‘security’ and ‘resilience’, between a bunker and a marketplace. Practically speaking, the more restrictive your perimeter security, the less accessible your network is to others, including those who want to do business with you online. Thus, while necessary for any digitally connected business, perimeter security is a drag on doing business.
Since no digital network perimeter security system compatible with commerce-grade connectivity is bulletproof, why not follow the example of the Medici? Accept the inevitability of a breach and be prepared to fight it, to prevail against it when it comes, and to keep doing business while you are fighting toward the win. Spend less of your cyber budget on perimeter security and invest more of it in resilience. Digital resilience optimises both safety and business because it is not about doing security. It is about doing business securely.
Instead of cowering behind a wall and hoping for the best, those who lead digitally resilient businesses ensure that they know the strengths, weaknesses, gaps and vulnerabilities of their networks. They assess what threats are imminent or likely or possible. They understand the nature of the data that their network holds — which assets need to be most accessible to the outside and which need to be kept more closely. They design their security accordingly, avoiding the overkill that can rob a business of its competitive edge while reducing the exposure of sensitive data and valuable intellectual property, the loss of which may compromise reputation, brand and innovation.
Digitally resilient businesses co-ordinate their thinking about defending their data assets and digital infrastructure. They involve the entire enterprise in this effort to achieve resilience, which they treat as central to the business. They educate all employees in safe computing practices and faithful stewardship of data, especially the information customers entrust to them.
Digitally resilient organisations always think in terms of their network. They view it as an ecosystem, so they take no actions and make no changes without taking the whole system into account. At the same time, they build into the system ways to halt cascading failures by segmenting their networks to contain local breaches before they metastasize into catastrophes that may spread throughout the organisation and far beyond.
Speaking of ‘far beyond’, digitally resilient organisations understand that their networks do not end at the corporate property line. A network is only as secure and resilient as the networks with which it connects. Resilient organisations evaluate the resilience not only of the networks they themselves operate, but those of the vendors and other stakeholders with whom they regularly connect.
The traditional view of cyber security treats it as a means of protecting the data assets of the business in much the same way as misers protect their money — putting it in a safe, a bank vault, a safety deposit box or a mattress. Keeping it out of the reach of thieves is a good thing, except that the miser’s approach also puts assets beyond any possibility of growth through exchange and investment. The resilient approach to cyber security is to defend data dynamically and actively while also making it work for you.
In the traditional view, cyber security is a grim necessity, an obligatory back-office expense. In the resilient view, it is a value added to everything the business does. Creating digital resilience in a corporate network is not a cost, but an investment. Today’s threat environment is a critical problem for you, your stakeholders and your customers. Use available software tools to reveal and quantify the digital resilience of your organisation, then promote that high degree of resilience to put to rest any cyber security concerns customers may have about doing business with you. Promote your digital resilience for what it truly is — a positive contribution to the value chain, which adds value for customers, vendors, partners and every entity that entrusts you with data and exchanges information with your business.
The trusted brand
Early in the online era, digital security was the table stakes of doing business online. The odds were stacked against all players back then, and they have only become exponentially more daunting since. Today, in fact, the minimum entry requirement for security is guaranteed to be a losing bet. It is time to think beyond spending money on walls and think instead of making a growth investment in resilience. Today’s digital environment gives your vendors, customers and other stakeholders every sane reason for raving paranoia. The highly promotable digital resilience of your enterprise is an opportunity to play that most coveted role in our increasingly competitive and commoditised markets — the starring role of a most trusted brand.