I caught snippets of an interview on NPR the other day with the author of a book about cybersecurity and cyberwar, written for the average person. It’s good timing, with recent high-profile breaches on the minds of just about everyone. In fact, I’d like to read the book eventually.
According to several articles I’ve read, one thing the book points out is how unprepared we are to deal with cybersecurity. That doesn’t surprise me, of course, because I have written about that same issue many times. An article in Motherboard pointed out:
That’s the most striking takeaway from a new book, Cybersecurity and Cyberwar: What Everyone Needs To Know, authored by Brookings Institution researchers Peter Singer and Allan Friedman. “Basic terms and essential concepts that define what is possible and proper are being missed, or even worse, distorted,” Singer and Friedman explain in their introduction. “Past myth and future hype often weave together, obscuring what actually happened and where we really are now. Some threats are overblown and overreacted to, while others are ignored.”
Yes, I agree with this. The authors’ point comes out even more clearly when compared to the 11th annual Global Information Security Survey, conducted by PricewaterhouseCoopers and CSO. Essentially, the survey found that while executives are (finally) willing to put money into cybersecurity, the attacks and the costs related to the attacks keep rising. So it is apparent that while corporate America is becoming more aware of the risks and doing something about them, the defenses might be behind the times.
A piece contributed to Forbes by SunGARD provided a suggestion on how to improve cybersecurity. Companies should consider adopting a Cyber Resilience Program (CRP). According to the piece, a CRP relies on cybersecurity defenses, but it also incorporates response and resilience to a cyberattack.
As I said, I haven’t read the book above yet, but based on the interviews and articles I’ve come across, a CRP may be the answer to the problem of preparedness. I’ve said for a long time that we need to be proactive, not reactive, in the response to cybersecurity, but it is easier said than done. A CRP might be the answer the book’s authors are looking for.