Dear Board Members, Cybersecurity Is Your Problem Too

For every threat reported in the news, there are a great many that remain undisclosed. In many cases, the threat or the attack also goes unnoticed until it’s too late.

The problem is asymmetry. Hackers are constantly improving their arsenal of attack tools, focusing on ransom by targeting the most vulnerable and privileged, shifting to credential theft and disruption on top of monetary opportunities, and targeting new industries that remain unprepared (and sometimes unaware). 

The X-Force Threat Intelligence Index 2022 offers some clues to the evolving attack. It found that North America’s manufacturing industry faced more attacks that led to supply chain issues (28%) than finance and insurance — a first in the past five years. This is terrible news for companies who see IoT analytics and smart manufacturing as solutions to overcome razor-thin margins and unpredictable macroeconomic factors. 

Attackers are also dialing up their sophistication. A recent Anchore survey showed that three out of five companies suffered supply chain attacks in 2021. Meanwhile, the Log4j vulnerability in open source libraries showed how vulnerable all companies are across all industries.

“The threats are getting more sophisticated, the time to detect and respond is increasing, and vulnerabilities continue to rise. This demands a new way of delivering security, with zero trust emerging as a set of architectural standards and practices being advocated within NIST,” says Mukul Mathur, vice president for IBM Security in Asia Pacific and China.

Rethinking cybersecurity

The idea behind zero trust, which Forrester first introduced as a model in 2010, is not revolutionary, nor is it new. But it does require a break from conventional thinking.

Here’s why: conventional security practices establish security perimeters. For business leaders, this castle-and-moat approach made sense. Anyone verified as an employee can work safely within intranets protected by rings of firewalls. All you have to do is make it someone’s responsibility to keep those perimeter defenses up. That became the CISO’s primary remit.

However, the pandemic blurred work-personal life boundaries and poked holes in existing…