An immune system protects one’s body from outside invaders. In a way we can consider that a company is a “body.” Having been completely disrupted and changed by the digital transformation phenomenon, a company is now much more open and vulnerable in the way it communicates and relates to the outside world. Cyber criminals, just like viruses, break in and penetrate into IT systems like malevolent parasites intent on causing harm using techniques and tools that are more and more sophisticated. And so, Cybersecurity in that sense, is akin to the immune system of a company: it is indispensable and pivotal for a company’s well being and even for its survival.
By Alain Conrard, President of the Commission on Digital Strategies and Innovation of the METI (Professional Guild of French mid-market companies) (*).
What is an immune system? An immune system is a complex network of cells, tissues, organs that protects a body from outside invaders. Viruses, bacteria, parasites, germs and a whole host of similar microbes are constantly at work trying to get into a body and proliferate, leading to diseases and making the body more vulnerable. And that happens because the microbes either feed off their host, as is the case with parasites or use the human body as a breeding ground to multiply, as is the case for viruses, bacteria and fungi. Sometimes, the host cannot get over these aggressive infections and just dies.
By nature, an organism is open to the world and that is so because it needs the outside world to survive: to find food, to breath and so on…All organisms are vulnerable and porous. It is therefore constantly subject to multiple risks and attacks that the immune system is tasked with fighting off.
In a way, we can consider that a company is also like an organism. It is much more open and vulnerable in the way it communicates and relates to the outside world. For a company, exchanging and communicating is actually its raison d’être. Whether it is accessing its raw materials, ordering equipment, partnerships, dealing with suppliers and customers, all these activities are all different communication channels with the outside world. The all-digital spree with the digital transformation of businesses (and all types of organizations) in addition to the Covid-19 pandemic and its lockdowns has brought on a whole new digital mode of communication between all of the above stakeholders. While this digital revolution has led to incredible progress, it has also opened up numerous pathways to cyber criminals just like viruses, quick to take advantage of the situation to break in and penetrate IT systems, like parasites to deliberately cause harm with tools that are more and more sophisticated. There are many risks out there. This surge in cyber crime, with hackers attacking the many vulnerabilities of IT systems that are more interconnected than ever and complex, calls for sophisticated and robust cybersecurity solutions. Acting like a remedy or like antibodies, these cybersecurity solutions help reduce or even fend off cyber attacks. They are protecting a company’s digitally transformed IT system, which is a company’s absolute lifeline, protecting therefore the company as a whole.
Living a heathy and balanced life, getting regular check ups, being careful, taking medicine when needed, all these human health-related recommendations now apply to businesses and any other kind of organization for that matter.
The term “virus” now applies, and in no uncertain terms, to both the glossary of Biology and that of IT System Security. In that sense, all the cybersecurity solutions and programs make up the Immune System of a company: the well-being and even, and this is not an overstatement, the survival of companies depend on it.
Part of the Company Strategy
And so the question of Cybersecurity is now at the heart of a company’s strategy. When looking to the future, to the new frontiers of innovation and business growth, cybersecurity has been bumped up to number one on the “to do list” encompassing much more than just technological considerations, as most people tend to believe.
Just as it wouldn’t be wise to consider the immune system of the human body as an external shield simply layered on top of the body to help it function (whereas it is an essential and fundamental component of the human body), it wouldn’t be wise to consider cybersecurity, however useful, as an accessory. The attention and focus it has garnered these past years has rendered cybersecurity as a business fundamental. It has gone from a “nice to have” alternative to a “must-have” of virtually all businesses. If usually considered as some kind of “insurance policy” (and that aspect of the question is actually being developed to complement cyber security packages), it is an integrated insurance policy. Whereas car insurance is not included when you buy a car, cybersecurity however is part of the company. The Boston Consulting Group stated that Cybersecurity “is not a technological project. It is a company-wide approach with strong technological support (1).”
Like all living organisms, knowing how to adapt to threats is the golden rule. But here, the threats keep changing, they keep working around the defence procedures and often enough manage to get through. In fact these highly versatile threats are one of the major concerns for Business Leaders and CIO/CISOs: the protection that is effective today will not be effective tomorrow and the lessons of the past will, most of the time, be useless in helping to address the threats of tomorrow. Whether it is a direct or indirect cyber attack (originating from a partner’s or supplier’s breached IT system) it can jeopardize the entire organization by causing the business processes to shut down. Everybody in the organization needs to be actively involved in being trained on Cybersecurity best practices be it the Business Executives, the CIOs, the CISOs, the Board members all the way down to the rank-and-file. Given that most security breaches are due to poor cyber hygiene i.e. human error, it is easy to grasp therefore that keeping an organization safe is everybody’s business just like when a body is infected and has to produce plenty of antibodies to stay healthy.
So Cybersecurity calls for constant adapting. Once that logic is etched in stone (because for sure, there is no going back), the bigger picture clears up. No need to live in fear unless instilling fear helps foster or accelerate prevention and protection. You need to appreciate risk and implement the required measures to anticipate and prevent attacks rather than act after the fact. And, if despite all that there is an attack then you have to be able to remediate those attacks. What is key is being able to analyze and protect against potential threats in a structured fashion without rushing or panicking. Cyber risk management requires a solid skill set. And most of the time the people facing these issues are absolute beginners (especially SMBs and Mid-Size companies) who for the most part, do not have the time nor the resources or means to deal with the subject effectively and in detail. All they are interested in is to minimize the risks and go back to taking care of their business. This is why deploying a Cybersecurity awareness campaign, at all levels, with the help of a seasoned partner to support them through this constantly evolving security journey is absolutely mandatory.
Exposure to cyber risk has all companies thinking about how to make sure its employees adopt the needed best practices. Confronting that risk is now a regulating process that guarantees and ensures a company’s integrity. Because of that, Cybersecurity impels us to rethink a whole set of operational modes that are much more rational and to a certain extent more effective. In some way, Cybersecurity actually contributes to improving the overall efficiency of the company.
Risk of a Pandemic
What affects companies also affects individuals, organizations or states. Exposure to cyber risk exists at all levels just like exposure to radiation – it contaminates anything and anybody regardless of social class. Cybersecurity has worked its way up to the top of the list as a number one priority. In actual fact, the magnitude of what cyber risk represents in terms of frequency and damage it can cause, has become a matter of public concern worldwide, alongside global warming, public heath issues and civil and military nuclear power – it is now part of the very select “Biggest Threats to the World and Humanity ”club. Cyber threat has taken on pandemic proportions.
This pandemic is here to stay and is mechanically driven to spread even more with the huge amounts of data in circulation and the value and/or insights that this data represents. Information has become a very precious and valued asset and leveraging that information in domains such as spying or warfare for instance, proves this point. We know that today the main source of value creation is data. So it makes sense that with the proliferation of these digits and characters comes cyber crime that wants to get its hands on that treasure and profit from it.
A single figure could easily illustrate the extent of this humongous phenomenon: if cyber crime were an actual economy per se, it would represent the third largest world economy after the United States and China (2).
Bolstering the Immune System of our Democracies…bursting our “bubbles of certainty”
Greed is not the only motive that drives cybercriminals to steal data. Data can also be leveraged to influence and shape public opinion. Indeed, we have seen highly sophisticated techniques to distort information, mislead public opinion with fake news and deepfakes and even conspiracy theories. Foreign powers have used these techniques to weigh in on election results or to influence the public opinion of hostile nations and even allies.
Cyberspace was initially created to promote the free flow of information for the widest possible audience (a way of safeguarding our democracy), but because of the pressure of so many different influences, Cyberspace has turned into a space where, like an uncontrollable disease that spreads, sharing one’s opinion or thoughts has become untenable.
What happens is that platforms and the different social media algorithms tend to lock users in what are called “bubbles of certainty.” This prevents having an open and honest debate, which by the way is the foundation of any democracy and their related parliamentary systems – parliaments being where debates are held and different views and opinions get confronted in a civil and constructive manner to try and find some kind of compromise. In these “bubbles of certainty,” it is not about debating and upholding the principles of democracy but about unleashing one’s certainties and happily agreeing with oneself. The violence that ensues is detrimental to the idea of what politics is all about. And therefore, a large part of doing what it takes to preserve the principle of democracy calls for cybersecurity applied to cyberspace to keep fake news and information tampering at bay. By bolstering democracy’s immune system, we are addressing the potential health issues of the political and social landscapes. But the question is, will the people in power have that willingness to do what it takes, at a time when public authority is losing ground and the authority of the State, all over the world, by and large, is ebbing away? A wake-up call is in order on these questions.
Cybersecurity is becoming one of the major challenges of our time. As the immune system of companies, it contributes in large part, to ensuring the sustainability of the world economy under constant threat of cyber attacks.
So let’s embrace this cybersecurity journey with trust and confidence while making sure we do what it takes every day to address these security issues with determination and resolve.
Article initially published in La Tribune