Demystifying Cybersecurity for Business Executives

Flashback to 1995. Marc Andreessen, a recent University of Illinois Champaign-Urbana graduate and cofounder of the startup Netscape, was committed to providing access to the internet for the common person. Netscape launched the Mosaic web browser, which opened up internet access to people outside of the defense, scientific research and academic communities.

Early on, almost no one understood the risks of connecting corporate networks to the web.

During that era, very few people understood what havoc was about to be unleashed by connecting company networks to the internet. My startup, Raptor Systems, was one of the very first commercial cybersecurity vendors. As the company’s chief marketing officer, I was tasked with educating the market on inherent risks, while positioning Raptor as the vendor of choice for early adopters in this nascent market.  To introduce Raptor, I formally launched the company with an extended, highly successful media and analyst tour.

Despite the coverage that resulted, it was slow going at first. When Russian hackers breached Citigroup’s corporate network and stole $12M (lunch money by today’s standards,) the story appeared on the cover of the Wall Street Journal. Only then did businesses finally wake up. From that point forward, the market started to accelerate. Raptor quickly emerged as the fastest growing software company in America. We took the company public on the NASDAQ and eventually sold the business to Silicon Valley security giant Symantec. After the inflection point of the Citgroup hack, everything moved very quickly.

In some ways, everything has changed. Yet, in others, nothing has. So, what remains the same?

Despite the fact that the cyberattacks have been propagated on businesses for over 20 years, most companies are still woefully unprepared for an attack.

What’s lacking?

  • Thorough, clear security policies
  • Understanding of precisely where data resides
  • Prioritization of what data is most important and requires the most protection
  • Employee education on how to prevent inadvertent access through clicking on phishing scams
  • Ability to prevent malicious insiders from doing serious damage
  • Effective communication of the risks in language that can be understood by corporate boards and executives
  • Investments in technologies to quickly recover from an inevitably successful attack

Still, Much Has Changed

Today, cyberattacks and data breaches seem to be weekly occurrences, with new threats around every corner. The frequency, sophistication and severity of these attacks have increased exponentially, with seemingly no end in sight to the acceleration of this market. In fact, research firm Cyber Security Ventures predicts that there will be an attack every 14 seconds, with an aggregate of $6 trillion in damages in 2021, up 100% in just five years.

Many high profile attacks have created havoc, interfering with ongoing operations at organizations as varied as the City of Atlanta, FedEx, A.P. Moeller- Maersk, Reckit Bensicker, Target, Honda, Equifax, the Laboratory Corporation of America and Yahoo. Many billions of dollars in losses have been incurred from this handful of the most visible attacks. According to AT&T, 62% of companies have reported breeches, although it is believed the number is actually far higher as organizations hesitate to admit to this outcome for legal and financial liability reasons. Of course, it’s not only large organizations that are under siege.

So, what is new?

  • Virtually every company is doing business in the cloud, whether it be SaaS-based business applications from vendors like Salesforce, HubSpot, SAP, Workday or Zendesk, or hosting corporate databases and applications through Amazon Web Services, Microsoft Azure or Google Cloud
  • A new generation of hackers is now targeting cloud services providers (CSPs) rather than attacking companies individually. The goal is to use the CSP’s networks to spread malware and spying tools to their respective clients
  • Supply chain attacks have grown by orders of magnitude, up 200% in just one year, according to Symantec
  • With ecommerce sites for DIY hacking kits and tools and stolen credit card information, the technical skills required to break into networks have fallen dramatically. All of this can be paid for in cryptocurrency, allowing hackers to remain anonymous
  • The new, EU-led GDPR standard makes companies criminally liable and subject to large fines for data breaches
  • Slow but steady emergence of metrics for measuring the health of a company’s security defenses from the US National Institutes of Standards and Technology
  • Corporate boards have finally begun to hold CEOs and executives accountable

What’s to Be Done

In a recent cyberattack simulation held at Coventry University in the UK, mixed teams of business, IT and security professionals to fend off a simulated attack. The problem was that the business people were like deer in the headlights. They expected their IT brethren to do the heavy lifting – herein lies the problem.

Cyberattacks increasingly have financial, reputational and legal implications in addition to technical ones. Corporate boards and executives need to recognize that this just like any other business risk.

Executives across a wide range of departments and functions must understand the threats to their businesses and know how to proactively prevent and respond to them.

A few ways to increase your cybersecurity knowledge:

  • Take an introductory 2-hour free course with ESET:
    • Overview on threats, password policies, email protection, web protection, preventive measures, etc.
  • Attend a Cyber security conference with a managerial perspective including:
  • Take an online course on a MOOC:
  • Take an executive education course or certification at universities:
  • Study in one of the new cybersecurity-focused MBA programs
    • US
      • University of Albany, full-time MBA with cybersecurity specialization, which covers both managing risks and assessing security incidents
      • Florida Tech, online MBA in cyber security
    • Study in one of the new risk focused law programs, with cybersecurity courses
      • Texas A&M School of Law; Masters of Law Degree in Risk Management
    • If you’re an executive with an small/medium business, attend the WSJ’s Pro Cybersecurity Small Business Academy

We need business professionals to step up and take ownership of this increasingly mission critical business issue. That means peeling back the curtain, regardless of how terrifying it may appear, and learning as much as they can. Knowledge is power. It’s time to level the playing field.


Add Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

How Axl Rose Achieved a Net Worth of $150 Million
Why You Should Never Counter a Counteroffer
How Did Levi Strauss Mount Such an Amazing Comeback?
10 Things You Didn’t Know About Las Vegas Sands CEO Sheldon Adelson
What’s the Best Online Tax Preparation Software?
Why You Should Stay Away From Cronos Group, For Now
Can GE Be a Coveted Buy and Hold Stock Again?
Your 2019 Tax Refund Schedule: When the IRS Pays You Back
What is The $50 Million Blockchain Research Program?
The Five Most Innovative Fintech Companies of 2019
Defining Least-Privilege Cybersecurity for Today’s Global Businesses Landscape
Four Tips For Developing a Profitable App
7 Awesome Travel Tips from a Vegas Insider
The Top Five Hotel Openings in Southern Africa in 2019
Woodlark Hotel is Elevating Portland’s Luxury Hotel Game
The Five Best Beach Destinations in All of Greece
2019 Maserati Levante S GranSport Review
A Closer Look at the 2019 Mazda MX-5 Miata 30th Anniversary Edition
A Closer Look at the 2020 Jaguar F-type
The Five Best Car Seat Cushions On The Market Today
A Closer Look at the Hamilton Khaki Field Murph
A Closer Look at the Maurice Lacroix Aikon Mercury Watch
A Closer Look at the Ianos Avyssos
A Closer Look at the Chanel Monsieur De Chanel Watch