A fascinating analysis of cybercrime and cybersecurity this week from Michael Daniel, the president of The Cyber Threat Alliance.
Writing in the Harvard Business Review, Mr Daniel postulates that we have only just begun to comprehend the scale of the issue and that it is our perception of the online world versus the physical which is to blame.
Cyberspace operates according to different rules than the physical world, and it is more than just a technical problem; it is as much about economics and human psychology.
“The borders in cyberspace don’t follow the same lines we have imposed on the physical world – they are marked by routers, firewalls, and other gateways. Proximity is a matter of who’s connected along what paths, not their physical location. The same principles of cyberspace that allow businesses to reach their customers directly also allow bad guys to reach businesses directly”
He poses six key framework questions which he argues need answering before we can effectively tackle the problem:
- What is the right division of responsibility between governments and the private sector in terms of defence?
- What standard of care should we expect companies to exercise in handling our data?
- How should regulators approach cybersecurity in their industries?
- What actions are acceptable for governments, companies, and individuals to take and which actions are not?
- Who is responsible for software flaws?
- How do we hold individuals and organisations accountable across international boundaries?
In our experience, financial firms, which are typically hyper-competitive, are highly adept at solving industry issues when they recognise the group threat and work together.
Co-operation and co-ordination across borders, backed by resolve, human capital and investment, is critical to solving these issues.
The financial systems, both systemically and at the individual firm level, remain at risk, and it is clear that any system is only as strong as its weakest link.