News of cyberattacks is slowly becoming a new normal. We are still at a stage where high-profile cases, like the recent attack against the American credit reporting company Equifax, in which 145.5 million users had their personal information compromised, raise eyebrows. But we need those eyebrows to stay up because we should never accept cyber threats as the new normal.
This week in Paris, hundreds of leaders met at the Women’s Forum to discuss some of the key issues that will shape the future of a world in transition, including cybersecurity. But this topic is not just a concern for the experts – it’s a concern to all men and women leading any business today.
New risks on the horizon
A recent report by the Internet Society, “Paths to Our Digital Future”, points out that now is a big moment for the Internet. The revolution we already see could accelerate in the coming years, not only due to the increasing digitalization of services and businesses, but also through the expansion of objects being connected to the Internet – the Internet of Things (IoT). By 2020 more than 20 billion “things” could be connected.
Suddenly it’s not only your computer but also your toaster or car that’s online! The convergence of the physical and the digital world promises a whole range of opportunities on the horizon. But in the interconnected communities we live in, cybersecurity becomes increasingly about personal and societal security.
Organisations are only as secure as their weakest link
What this means is that security needs to be everyone’s concern in the management chain. For leaders, cybersecurity must become a strategic priority. Business executives need to ensure that their organisations have the capacity and skills to address online threats – a challenge in itself due to the current deficit of qualified professionals. In fact, some estimates point towards a global shortage of 2 million cybersecurity professionals by 2019, with a stronger gender divide than in any other industry.
Security is not a concern that can be delegated to experts either, hoping that all will be fine. Today there is a psychological barrier among many non-experts who believe that security is something that their IT department is solely responsible for.
This narrow view misses the point that cybersecurity is dependent on a variety of actors – including individuals. The majority of cyber incidents are actually due to human error, through social engineering attacks such as email phishing to an employee, or even the accidental disclosure of private data. This means that basic security practices must be understood by non-experts as well.
Shaping a trustworthy Internet ecosystem
The ecosystem also needs to offer incentives for good behavior. Take the example of data breaches. While they are a risk to both companies and customers, the risks do not align. As we showed in our 2016 Global Internet Report, the organisations that handle customer data may be at reputational or legal risk to a data breach, but they are not likely to bear the same level of costs as the customers or users who may have their data lost or stolen in a breach.
This means we have to shape the ecosystem to better align the risks among users, manufacturers and service providers. While there are several ways to do this, such as clarifying liability laws, a key way is through better security signaling: recognizable, trusted methods for signaling levels of security so that consumers can factor it into their buying habits.
Everyone has a role to play to shape a trustworthy Internet. To secure data and online devices through their lifetimes, The Internet Society offers the Online Trust Alliance’s IoT Trust Framework. But this is only part of the solution. We need to all take into account the risk IoT insecurity poses to users, and the Internet as a whole.
Cybersecurity needs to be everyone’s concern, so keep those eyebrows up!
Watch my panel “Overcoming our Cyber Insecurity” @ the Women’s Forum for the Economy & Society.