Beyond Cybersecurity - Kaplan James M.

Foreword

We live in a remarkable age of technology innovation. The speed with which we are able to communicate, collaborate, and transform our businesses and organizations is truly astounding. Yet the risk created by our increasing dependence on those technology advancements is equally astounding. The economic, operational, and reputational risks of technology are well known to anyone who has paid even passing attention to the almost daily security breach headlines.

In their research, so effectively laid out in this book, the authors explain why there is so much cyber insecurity today, how it has become such an intractable problem, why it could get worse, and what organizations, industries, and governments must do now to start to address the problem. Importantly, James Kaplan, Tucker Bailey, Chris Rezek, Derek O’Halloran, and Alan Marcus go beyond elucidating today’s risks and how to mitigate them, and extrapolate the downstream economic consequences if organizations don’t change their fundamental approach to cybersecurity.

During the course of the authors’ work, I had an opportunity to preview their methodology and early results. So much of what they were seeing in organizations around the globe mirrored what I had been seeing and hearing from RSA’s customers. As the authors subsequently presented their early findings to national representatives of countries from Europe, Asia, and the Americas at the 2014 RSA Conferences, it was clear that their findings resonated globally and reflected a universal experience. At these sessions, I was encouraged to see such an improved understanding of the need for all nations to cooperate to solve this problem.

It is clear from the research that the advent of cloud, mobile, and social media technologies combined with contemporary digital business practices has so expanded and distorted the attack surface of organizations that it is no longer possible to use the perimeter as an effective defense method. The perimeter that used to serve as a barrier between organizations and the external world has been perforated to the point that even a Swiss cheese metaphor is too charitable. The perimeter has become fragmented, ephemeral, dynamic, and contextual. As such, the security programs and controls on which we have relied are being overwhelmed. A new security model is called for and the authors of this book are recommending a multitiered approach based on the concept of digital resilience – an approach that has been adopted by leading companies around the world and has rapidly become conventional wisdom.

Digital resilience is not just a theory. It is a strategy, yes, but it is also a framework of policies, processes, and controls that promise real security in our increasingly insecure world. It starts with a thorough understanding of risk and the need to view digital risk through the lens of an organization’s business objectives, priorities, and critical assets. It’s about creating a culture of security among business leaders so that digital business decisions are made with security in mind and not just as an afterthought. It’s about being prepared for attacks from any source, including insiders, and having the visibility, analytical tools, and dynamic controls necessary to respond rapidly and with agility to the inevitable intrusions. Most of all, digital resilience is about bringing all of these elements together in a coherent whole to create true defense in depth.

But our organizations are not islands. It’s hard for them to succeed on their own. The authors acknowledge the need for an ecosystem of governments, regulators, vendors, and industry groups in which organizations work together and create policy that will protect the collective whole.

For many, the topic of cybersecurity continues to be unfathomable. A lack of organizational maturity, fear, and a sense of hopelessness permeate many organizations. As the authors explain in their analysis of the economic consequences of continued cyber insecurity, the impact of this lack of clarity goes beyond the current challenges we face, since the adoption of innovative, potentially transformative technologies is being hampered by fear and uncertainty around cyber risks. But, as two-time Nobel Laureate Marie Curie said, “Nothing in life is to be feared. It is only to be understood. We must understand more so that we may fear less.”

The authors do an exceptional job of creating that understanding in this book and are to be commended for providing the research and analysis necessary to distill such a clear and compelling path to a secure future.

I believe this book can be of enormous help to security practitioners and IT executives, not only to benchmark themselves against real-world successes, but as a tool to explain to senior management the importance and relevance of cybersecurity to their organizations’ future and very viability.

Every politician and regulator should use this book as a guide for developing thoughtful, effective policy and practical regulation that can support the private sector in its efforts.

And, finally, for executives and boards of directors, it can be a valuable guide for their fiduciary understanding of a problem that all organizations face and will only grow in import in the future. I am frequently invited to speak to boards of directors about their cybersecurity situations and outlook, and, while I frequently draw upon my own experience and the experiences of our customers around the world in those conversations, I’m thankful to be able now to share the excellent insight and perspective of this book as well.

Arthur W. Coviello, Jr.

Executive Chairman

RSA, The Security Division of EMC
