I find that looking back can help you see ahead more clearly. Nearly all major corporate entities work hard to defend themselves from cyber perils. I find they personalize cybersecurity strategy, when it might be helpful to take a step back to better inform your plan for tomorrow. What do 2022 and beyond look like for you?
Pay attention to the top U.S. strategic cyber adversaries--China, Russia, Iran and North Korea--along with their supported non-state actors, including some of the most well-organized cybercriminals in the world. What are their real motives, and most importantly, are you a pawn in their bigger game?
By combining a better understanding of yourself and the threat, you can better see reality. Sun Tzu wrote in The Art of War, “... If you know neither the enemy nor yourself, you will succumb in every battle.” With big trend intelligence like China’s 14th Five-Year Plan (2021-2025), knowing the business of the adversary might put you in a better position to know if you’re a possible pawn, and therefore position a better defense.
Thomas Lyden, on the Customer Success team at RiskLens, has 20 years of senior leadership experience in cyber at SAIC/Leidos, EY, and many startups in the security field, serving government and commercial clients.
Cyber Threats in 2022
History shows that if you’re in a business that aligns with China’s “themes of self-reliance and technological independence” (namely, the “frontier” technology fields of Artificial Intelligence; Quantum Information; Integrated Circuits or Semiconductors; Neuroscience and Brain-Inspired Research; Genetics and Biotechnology; Clinical Medicine and Health; and Deep Sea, Deep Space and Polar Exploration), you’re a higher-priority cyber target.
Where does your business sit on the trend’s “S Curve,” and how do these adversaries use “pile-on tactics” that can impact you? The RAND Corporation publishes reports on Chinese and Russian cyber strategy that can provide insights.
Think about the political battles in the U.S. over social media, selling data, and controlling the narrative and its impact on Data Privacy vs. Data Security, or the recent crackdown by the Chinese Communist Party (CCP). Data Privacy governs how data is collected, shared and used, and Data Protection focuses on protecting data from compromise by external attackers and malicious insiders. Where’s the trend (Privacy is trumping Security), and therefore where should you allocate your next dollar? Defense or business transformation?
Risk Management Priorities
Managing cyber risk requires significantly more than keeping vulnerabilities patched. We also know that you can’t manage what you don’t measure. I can’t effectively know where to spend my next dollar on defense if I don’t look at the big picture.
Where would my Spidey-Senses be up? Three places: Oil and Gas (Putin’s retaliation for Ukraine backing), Social and Large Tech Platforms and the frontier technology fields cited above (China’s retaliation for Olympics boycott and political warfare).
Combining your threat intelligence with a quantitative-based cyber risk management capability in business planning and execution will better position your entity for success. Keeping your head up beyond just your entity’s borders (for instance, participating in one of the ISACs) will help you understand what square you’re on and how stable it might be.
RiskLens customers leverage quantitative cyber risk analysis with threat intelligence to focus on the most probable threats of highest impact to the enterprise. Raise your cyber defenses with risk quantification – contact us to learn how.