August 8, 2016
Cyber attacks remain a fast growing business, despite investments organizations make in their cyber defense. Significant drivers for it are increasing sophistication of the threat, prioritization of openness and functionality over security, and a lack of relevant tools on premises of many companies. What is often overlooked, however, but remains important, is a lack of holistic management approaches and organizational silos. Security models have grown organically over many years, but haven’t been significantly adjusted to the changing realities.
In the past, organizational security focus was on physical security to protect against attackers operating in close geographical proximity. Companies stored their assets in safes and focused on enhancing physical ‘locks on doors’. During the first, second and third Industrial Revolutions, global companies tried to adapt to the development of crime in a multinational context, where the threat changed from being local to regional, then to national, and finally, to international. In the so-called the fourth Industrial Revolution, global companies are facing a much different threat and operate differently. Physical locks to protect assets became irrelevant. Technology brought progress and scale of businesses; institutions are able to serve more clients faster from anywhere at a lower cost. Our neighborhood is not a local district, but the entire globe. The perpetrators of attacks are no longer within miles of reach, but rather in unknown locations, where they may appear unreachable – behind proxies and encryption, with no need to travel. Modern crime is low risk and brings high returns. Technology gave rise to crime-as-a-service.