Ken Xie, founder and CEO of multinational cybersecurity software company Fortinet, writing for the World Economic Forum (WEF) explains the challenges and potential solutions for cybersecurity leaders today.
Xie says business and society needs to move to a scenario where cybersecurity is “built in to every product and system,” because cybersecurity can no longer be an “add-on.” To achieve this integration cybersecurity leaders face a number of challenges.
Real-time threat information sharing is essential
Firstly, says Xie, the speed at which security professional must address weaknesses and threats is fundamental to cybersecurity:
“Cybersecurity systems must keep up with the increasing speed and volume of internet traffic. Speed of reaction is vital as well. Too often, there are long lag times in addressing cybersecurity problems. Criminals can – and do – take advantage of this.”
To achieve this fast pace of response and stay ahead of cybercriminals requires the real-time sharing and visibility of threat information. In our digitally connected world “cybersecurity and global security,” are the same thing, says Xie.
– Watch our free taster sketch “Phishing Emails in Real life” from our hilarious Sketches security awareness training series
Collaboration and security awareness can quickly deliver tangible results
Secondly, the CEO stresses the collaborative approach needed to effectively fight cyber threats. He says a “hive mind” would be the result, enabling rapid learning and expanded “competency and capacity.” Organisations and states must learn from each other or the “same attacks,” will “take down countless entities.” He adds:
“Wide collaboration means including everyone in a broader conversation about cybersecurity.”
Thus “knowledge repositories,” must be part of operational systems and as well as collaborating in order to share threat intelligence data we must also collaborate “on education.”
“The more we talk about the importance of cybersecurity and its fundamental role, and the more education is shared, the more we will educate and nurture the future generations of cybersecurity professionals we very much need.”
Xie cites Herjavec Group’s 2020 Official Annual Cybercrime Report and the prediction of Cybersecurity Ventures that cybercrime will have a global cost in excess of $6 trillion annually by 2021, up from $3 trillion in 2015.
He adds that experts and decision makers across public and private sectors must work together and leaders should “make it clear,” that collaboration is “time well-spent.”
The CEO believes that tangible results could be achieved quickly. Especially given that 92% of malware arrives with individuals via email, as per CSO Online.
“With the right awareness campaigns and policies, as well as diligence in practice, we could eliminate more than 90% of malware simply by teaching new skills that overcome ingrained behaviours.”
A common vision
Xie also believes that a common vision, even “akin to NATO,” with its fundamental principles could lead to effectively anticipating the next threats from cybercriminals instead of reaction to them. He says:
“Cybersecurity education and training should be part of everyone’s educational development.”
Technology driven cybersecurity
As co-founder of Fortinet, now a multi-million-dollar cybersecurity technology company, of course Xie does not forget the importance of technology, noting that the world’s current infrastructure was not designed with cybersecurity in mind.
He says cybersecurity will require computing power, and infrastructure should have this designed in, as well as there being an integrated and multi-layer cybersecurity system.
“An example of such a larger vision for cybersecurity where all parts of the network participate together is security-driven networking, which changes traditional assumptions of networking.”
This type of networking takes the risk of each path of traffic into account and moves activity to the safest path. With 5G, centralized cybersecurity approaches are no longer tenable.
Product designers and developers must create with security in mind and update existing platforms. A perfect solution is unlikely but an “integrated, optimized platform,” will not “emerge at all unless we realize that it is needed.”
Xie concludes that “cybersecurity is a responsibility we all must take on,” and that:
“It is only once we have true integration, both across national and geographic borders, and also within our own businesses, that cybersecurity will achieve its full potential of creating a truly protected world.”
The Defence Works – our approach to security awareness and cybersecurity education
Xie makes important points. An effective global cybersecurity strategy must be an integration of both technology and knowledge, both sharing and security awareness.
Here at The Defence Works we focus on security awareness training believing that every individual within a business must be empowered with cybersecurity knowledge. This comes from the top down, but it should encompass every single employee. In this way, phishing emails can be identified and safely dealt with or threats can be spotted quickly, reported and actioned by security professionals. It will never be a perfect approach, cybercriminals evolve quickly, and human error will always occur. It is, however, a better approach and combined with effective technological deployment and development it will be progress in the cybersecurity battle.
Your employees play a key role in helping to use technology safely, so why not help upskill them on the risks posed when using mobile devices? Sign up for a free demo of the world’s most interactive security awareness training.