Over the last decade we have seen a striking, but expected, trend. As we move more and more of our personal lives, business operations, and critical infrastructure into the digital arena, cyberattacks have gotten more aggressive, successful, and damaging. Not only is there more value to be stolen online, but it has also become easier and cheaper to launch successful attacks, eroding our digital trust in online systems.
Consider your bank account and total absence of tangible money or legal tender that underlies it; you trust that the assets exist because you can “see” them when you log in. But the value that sits on the servers is made up entirely of trust in those digital systems. There is a very fine line separating our smoothly functioning digital society built on this trust and the chaotic breakdown that would result from its erosion.
Today, bad actors can use existing malware and exploits, often free or inexpensive to obtain online, to launch successful intrusions and obscure their identities. These sophisticated adversaries are also developing, and selectively using, unique tools that could cause even greater harm. This all adds up to tremendous strategic leverage for the attackers.
To the extent that any of the thousands of daily threats are successfully detected, protection provided by legacy security products is highly manual in nature because there is no capability to automatically coordinate or communicate with other capabilities in your network, let alone with other networks not in your organization. But it isn’t just technology that’s fallen behind. A lack of executive-level leadership and understanding of cybersecurity risk and governance is further complicating many organizations’ abilities to effectively address sophisticated threats.
A recent report from the Georgia Institute of Technology noted that boardroom-level focus on cybersecurity has doubled since 2012 to over 66%, but most boards still lack proper planning, review of investments, and effective reporting structures. Clearly the importance of cybersecurity is getting through, and while governments are getting serious about cybersecurity frameworks and technical guidance, a key gap remains: how to communicate the level of risk and necessary investments in people, process, and technology at the boardroom level.
Having a prevention mindset at the executive level is the first step in addressing this gap and changing the economics of the cybersecurity problem, but we have to take action to actually change our current circumstance. It’s for this reason that Palo Alto Networks has partnered with the New York Stock Exchange to produce, Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers. We intend this book to be both a how-to guide and an anthology. It includes advice and cybersecurity best practices from CEOs, CISOs, lawyers, forensic experts, consultants, members of academia and current and former government officials, including the World Economic Forum, Visa, Georgia Institute of Technology and former Secretary of Homeland Security, Michael Chertoff.
Navigating the Digital Age is intended for those new to the topic, as well as seasoned leaders in the field and is a necessary addition to any corner office or boardroom. We intend for this to carry on the work started by the U.S. government’s Cybersecurity Framework and raise the bar at the executive-level for effective cybersecurity.
We also know this conversation will continue to evolve well beyond the publication of a book. That’s why today we’re also launching SecurityRoundtable.org, a community designed to share best practices, use cases, and expert advice to guide executives on managing cybersecurity risks. We hope this will help raise awareness of the importance cybersecurity has for customers, critical services, and business operations. We invite you to join us today by taking what you feel is of value and sharing your technical knowledge and expertise with your senior leaders and peers.
Not all of us have to be cybersecurity experts, but we all have a new responsibility to change the way of thinking towards preventing cyberattacks by sharing best practices, use cases, and cyber intelligence. If we take a longer view of the threat, the combination of next-generation technology and our joint efforts can vastly reduce the number of successful cyberattacks and restore trust in our digital way of life.