Managing Cyber Risk with Human Intelligence

A Practical Approach

For years we’ve been told stories about how technology was going to make our lives better. And for the most part, it has. We can work more efficiently, work from remote locations, and transact business across the globe with a few keystrokes on a computer. On the personal side we can video chat with our loved ones, track our heart rate and exercise goals on a wrist watch, and control the lights, the thermostat, and see who’s ringing the doorbell at our home all from an app on our mobile device.

Sadly, as with most things in life, technology isn’t always as good as it seems. For all the same reasons the technology is a positive – the interconnectedness, the shared environment, the increased speed and efficiency – it is also a negative. Specifically, technology can be used as a tool for criminal behavior that puts individuals, corporations, and governments at risk of cyber breaches.

It is estimated that cyber breaches cost the global economy $1.5 trillion per year, and this is expected to increase, with some sources believing it could cost the global economy a staggering $6 trillion by 2021. The increasing scale of cyber breaches means it has now become necessary for organizations to mature beyond a basic reactive defensive approach on cyber, to an intelligence-led, proactive one. To be intelligence-led is to know both yourself and your enemy. This means knowing what your critical assets are and who may have the motivation and capability to threaten those assets.

So how are governments, corporations, and individuals tackling such risks? Governments have started to take cyber attacks more seriously. In fact many countries such as the U.S. and U.K. have set up national agencies dedicated solely to protecting government assets from cyber attacks. One particular concern involves cyber attacks on critical infrastructure systems. On the corporate side, many organizations are now asking themselves when an attack will occur, not if. As such, it is critical for a company to analyze and understand all potential points of cyber impact. We argue that taking an intelligence-led approach is the solution. Corporates should evolve to an active defense strategy but understanding the key drivers of cyber and building an effective security program through strong partnerships between their business lines and risk management teams.

Technology can also form part of the solution. As the corporates shift their technology needs from on-premise to cloud, we are seeing an impact in the security solutions market, with hyper-scale cloud providers potentially playing a role in addressing security challenges. We note virtual/cloud form-factors of traditional products, like firewalls, will likely become important, as will new technologies such as cloud-based security brokers (CASB). Emerging tech solutions such as artificial intelligence, machine learning, blockchain, behavioral biometrics, and others can also provide an enhanced ability to predict and analyze threats and detect and stop cyber attacks — all at a speed and scale that would not have been possible without their use.

The risk of cyber attacks is most likely growing vs. subsiding and having an intelligence-led approach will be critical to getting ahead of new threats. As an FBI agent recently said at a conference “The goal is to avoid a massive loss either in a business line at a corporate or in a personal account because someone clicked on a dancing kitty.” Human intelligence…