No matter who you are, what you do, or where you reside, one thing is certain. In today’s digital economy, everyone is experiencing record evolution. Customers want more, and so do their stakeholders. Today, in business, it’s all about working with digital natives – customers, partner companies, and employees – building trust and implementing advanced solutions to enhance their experience. Success comes when an organisation pays attention to them and to the market. When they anticipate the next steps, and act upon them. This is the era of the first mover not the fast follower.
Nowadays, organisations need digital leaders such as CIOs, CISOs, and CTOs who are strategists, visionaries, and know how to manage effectively. These are leaders who understand how to implement progressive technologies, like the cloud, 5G, artificial intelligence, machine learning, and others that are intricately woven, interconnected, and interdependent. They’re at the forefront of business, replacing or upgrading legacy systems, software, and devices, which are vulnerable and often unsupported. They’re setting standards, enforcing policies, building business cases, attaining budgets, gaining support of initiatives, securing their estate, drawing in top diverse talent, and retaining them. These CIOs and CISOs understand the growth challenges as more people come online and technology adapts. They know that by 2025 an estimated 70% of the workforce will be working remotely at least 5 days per week and by 2030 90% of the world’s population (7.5 billion) is expected online. They appreciate the exponential growth that will come from connected, mobile devices. Cisco’s report, which predicts 30 billion devices by 2023, of which 45% will be mobile, won’t shock them. Neither will the fact that networked devices will surpass humans on the planet 3X over.
They realise the world is generating and consuming in excess of 79 zettabytes of data every year – with approximately 90% being duplicated compared to 10% being fresh, and are prepared for 2025 when this amount is expected to double. Additionally, that data stored in the cloud – which includes public clouds, government-owned clouds, private clouds, and cloud storage providers – is expected to climb to 100 zettabytes by 2025.
It’s a roller coaster of a time to lead, as CIOs, CISOs and CTOs are having to deal with more users, data, devices, technologies, connectivity, mobility, regulations, risks, and threats than they care to. The pressure for those in charge is immense as cyber risks have scaled, and can now bring businesses, economies, and communities to a halt. Cyber risks top worldwide business concerns in 2022. Today, cyber is not just disruptive, it can be weaponised and is capable of destruction. Offence is structurally dominant, unlike defence which is complex as vulnerabilities can be exploited between country borders, cyber and physical worlds.
Unsurprisingly, corporate cyberattacks are up 50%, with around 270 occurring per organisation, and on average, each organisation needing 280 days to identify and respond to a cyberattack. Executive stakeholders are being prepared for average data breach costs, which according to IBM now reside at just over $4.24 million per organisation. And, if the organisation is listed on the NASDAQ, this worsens after a breach becomes public. The World Economic Forum reports the average share price can drop three points, even after six months.
The stakes are high, no matter the size of the organisation. Hackers love small businesses. Currently, three times more small businesses are targeted by them than larger ones and around 60% go under within six months of falling victim to a cyberattack. Unfortunately, organisations with fewer than 250 employees tend to be less aware of cyber dangers or are ill-equipped to deal with them. According to Accenture only 14% are prepared. Most believe an attack won’t happen to them which couldn’t be further from the truth. When cyberattacks are scaled with automation, advancing technologies like AI and machine learning, and a criminal underworld that supports its clients (whether technical or not) like a high-performance business would, the financial gains are enormous considering the return on investment.
Just like yesterday, all tech is hackable and cybercriminals penetrate 93% of company networks in less than 2 days. Last year, cybercrime became more profitable than the illicit drug trade, and in the USA alone, cybercrime damages were said to be over $6 trillion. The costs are huge, considering the work that needs to be done to restore compromised systems, damaged, stolen or destroyed data, plus compensation for theft of finances and intellectual property, fraud, lost productivity, forensic investigations, regulatory fines, and reputational harm.
Could it get any worse?
Sadly, yes. The digital world has a skills shortage. It’s dire, and there’s intense competition for top talent. McKinsey & Company raised the alarm in 2020. Then, they reported 87% of organisations worldwide were already facing a skill gap or would face a severe talent shortage by 2025. Additionally, less than half of their leaders had a strategy for curbing it. Two years on, the floodgates have opened, and the “Great Resignation” or “reshuffle” is underway with unprecedented numbers of workers on the move. The digital skills gap comes at a cost. 14 G20 countries could miss out on $11.5 trillion cumulative GDP growth. The skills gap is slowing digital transformation and in cybersecurity it’s increasing risks. Digital leaders need to solve this issue fast and technology has a valuable part to play in this. Devices must be fit for purpose, and they play their part in both recruiting and retaining staff.
With an enormous attack surface, cyber threats have scaled and are bringing businesses, economies, and communities to a halt. Since the pandemic, millions of people from all over the world have been taken offline by hackers demanding a ransom, one of the most popular forms of cyberattack.
But it’s not the only attack vector that’s popular. Supply chain attacks grew 300% in 2021. These are where attackers focus their efforts on a vendor, a software application provider, or even open-source software. When this happens, attackers gain access to all the vendor’s customers, or they can modify the software vendor’s code that’s sent to customers or downloaded by them. This can result in significant system downtime, monetary loss, lawsuits, fines, and of course reputational damage. The impact is huge, and damages can cost billions, as they did with SolarWinds and Kaseya recently.
Targeted attacks like these, plus social engineering, specifically phishing – where attackers pose as a trusted source, prey on human vulnerability, and use email or malicious websites to gain the information they want – are effective but they aren’t the only problem. 95% of cyberattacks, data breaches and compliance failures arise from purely accidental human error, like missing expired certificates, misconfigurations or failing to patch.
Pre-pandemic, Nominet released a study, Life Inside the Perimeter: Understanding the Modern CISO, and reported on cybersecurity’s leaders. They found 1 in 6 CISOs were turning to alcohol or medication to cope with stress. Questioning 408 CISOs, 27% said that they were working up to 60 hours, 1 in 5 were available 24/7 and 55% left their job within 3 years.
Post-pandemic, more research has come to light. In 2021, VMware’s 2021 Global Incident Response Threat Report found that 51% of surveyed security professionals experienced extreme stress or burnout over the past 12 months with 65% considering leaving the profession. In 2022, the brain drain is concerning as Forrester now predicts 1 in 10 experienced cybersecurity professionals will leave their jobs this year due to poor financial and advancement initiatives, stress, burnout, and workplace toxicity.
When it comes to hiring, especially an untapped pool – women, a strategy many organisations are keen to use due to the benefits women can bring, like increased profits, better decision making and innovation – not much is changing. There are still fewer women than men in work or looking for work. In some parts of the world the situation is worse than others and the pandemic hasn’t improved the situation.
Many organisations have reported on the situation. In cybersecurity, the international non-profit membership association (ISC)², which has been studying the makeup of the cybersecurity workforce since 2004, released their latest market research, ‘In Their Own Words: Women and People of Color Detail Experiences Working in Cybersecurity.’ Their findings revealed more on the division women and people of colour are still facing, and concluded women are still underrepresented, undervalued, and underpaid. Today they account for only 25% of the cybersecurity workforce, a 1% improvement in the last two years.
But it’s not all doom and gloom. Technology is transforming the way we all do business, and the global digital economy has surged off the back of the global pandemic. With effective digital transformation, which includes cybersecurity, there are tremendous opportunities for organisations, societies, and the planet. As the world’s economies have become reliant on digital socialisation, entertainment, and homeworking, creativity has poured in and brought waves of innovation to solve digital challenges.
One of those is mobility and it’s brought benefits as mobile-first strategies have become a necessity so hybrid and distributed work models can be managed. With effective solutions, like those provided by the Intel vPro platform, powered by 12th Gen Intel Core processors, workforces can now better communicate, collaborate, and access work at speed from wherever they are. By using a premium and scalable technology such as this, they can receive better connectivity, higher quality audio and video experiences, so teams can be in touch constantly, getting real-time feedback and insights.
Organisations that better streamline their operations are more efficient, productive, and profitable, too. With enhanced productivity and collaboration with business class performance, they can easily access, control, store, retrieve and secure their data which saves time and money. They can provide better digital experiences, work in a more agile manner, pivot and scale faster, helping their employees to feel more satisfied and deliver to their full potential. Features like these deliver value right away, as they give digital leaders an edge over others which helps them attract exceptional talent from anywhere in the world, and positively impact their bottom line.
Mobile-first strategies can help with diversity, equity, and inclusion, too. Focusing on women, they can enable more women to join the workforce from anywhere in the world, work in a hybrid manner, and, when coupled with quality leadership and a progressive business, remain in it. Flexible workforce solutions help enormously when women are still taking the lion’s share of invisible work – work they don’t get paid or recognised for, like childcare, housework, emotional and relational caregiving. Around the world, women perform three out of every four hours of unpaid labour, so when more women are included in business – as they can be with hybrid ways of working and technologies that support them – families, communities, and societies all benefit.
According to Tessian, hybrid ways of working may be particularly good for women. When they surveyed 200 women in cybersecurity, 49% said the pandemic had positively affected their career. They also suggested that if women were to achieve gender parity in cybersecurity, then £12.6 billion could be added to the UK economy and a further £4.4 billion could be added with gender pay parity. Just imagine what this could do for the increasing digital divide, where fewer groups of people, particularly girls and women, receive less access to technology.
But as mobility has brought increased threats, what must you do to protect your organisation’s customers and brand? The answer is, improve your cyber resilience.
Businesses of all sizes must do this. Their leaders must understand how much downtime the business can withstand and then develop a well-tested and repeatable response and recovery strategy. CIOs, CISOs and digital leaders need a clear strategy, and buy in from their stakeholders, especially the executives. They must know their assets, how they are inter-connected and inter-dependent, and which ones are mission critical so they can isolate them when (not if) malware enters the network, or a breach occurs.
Business-class performance is non-negotiable, so leaders must be able to engage their entire workforce and increase their effectiveness. This means appropriately specifying their workforce’s needs and giving them connectivity and expansion so they can work the way they want, without friction, and their productivity is optimised. It means working with trusted partners and technologies like Intel and the Intel vPro platform which has hardware-based security features “baked in” to help their clients protect, detect, and recover from cyberattacks faster. And, give them complete remote management so their security teams can defend highly distributed PC fleets with comprehensive security measures. It means working with systems that meet a minimum documented hardware and software standard for non-consumer devices including enhanced stability, manageability, and security capabilities.
Of course, CIOs, CISOs and digital leaders must decide what to outsource, too, and which trusted vendors to partner with. They must know their supply chain and ensure adequate engagement policies exist and are enforced. They must apply good cyber hygiene practices, like those recommended by the UK’s NCSC (Ten Steps), CISA or the Global Cyber Alliance. That means things like system risk assessments, penetration testing, patching, protecting user privileges, backups, phishing detection, and of course using secure devices that have been built for business in one integrated and validated solution by a trusted partner.
Awareness training is also vital, because over 95% of security breaches originate from user error. So, the faster an employee can recognise a cyberattack, the faster it can be contained and the lower the impact. Interestingly, researchers have found a direct correlation between the speed with which organisations find security breaches and those that provide solid cybersecurity training. Specifically, organisations who delivered effective cybersecurity training found over half of their security breaches in under 24 hours compared with others who only found a third of them.
It means having a cyber incident response playbook, a public relations plan, and a well-trained incident response team who know exactly what immediate actions to take, and what statements to make to the press when an incident happens, or they discover a breach.
To address these challenges requires fresh thinking, building cultures of psychological safety, fostering active partnerships, and collaborating between industries, academia, and governments. It requires leaders to stop exploiting their greatest assets – their people – and ensure they get the balance right between people, processes, and technology.
Women can enable this. Countless studies have reported upon women understanding and managing risk differently to men. Many are referenced in my book, IN Security. Women are natural change agents and guardians with unique talents, and when women are included in business, they will create the safety, the prosperity, and the sustainability that’s needed. Evidence of this can also be found in the Forrester Wave, as the highest performing companies are the ones that have tied DEI outcomes to their profits.
Cass Business School has reported on this too. They investigated whether gender-diverse boards can play a role in preventing costly bank misconduct episodes. The Financial Conduct Authority has spoken about this, informing others that greater female representation significantly reduces the frequency of misconduct fines, equivalent to savings of $7.48 million per year. It turns out, the mechanism through which gender diversity affects board effectiveness in preventing misconduct stems from the ethicality and risk aversion of the female directors, rather than their contribution to diversity.
Women are naturally highly attuned to changing patterns of behaviour – skills that are needed for correctly identifying hackers and protecting environments. Women have also been found to fall for attacks less frequently than men, and they comply with rules and embrace organisational controls and technology more than men. According to researchers from the Carnegie Mellon University in Pennsylvania, in their paper, ‘Quantifying Collective Intelligence in Human Groups’ more women in a group boost collective intelligence in decision making compared to groups who have more men.
The business case for diversity, equity and inclusion is stronger than ever, especially given that profits increase by 25% and the greater the representation of women, the higher the likelihood of outperformance. Given these findings, companies with more gender diversity should be more cyber resilient.
So, now it’s over to you. You’ve heard about the cyber threats businesses are facing and how you can protect your customers and brand.
Now, I want to hear from you…
Tell me, what are you doing to protect your customers and brand in 2022? What else needs to be done? Then head over to https://intel.ly/3kjmKL5 to learn more about how you can ensure the security of your workplace.
Finally, in the spirit of full disclosure, please be aware that I’ve received compensation for promoting this #ad for Intel. Because your success is important to me, I only align myself with brands I believe in, and Intel is one of them.