Every organization with an Internet presence is battling for survival. State-sponsored hackers and organized crime groups continue to gather power and are more dangerous than ever before. We have approached the day when organizations must combine forces and reallocate resources to effectively defend against these formidable adversaries.
The Wild West
There is no overarching governing body of the entire Internet that can make and enforce laws, protect citizens and their rights, or support the public’s interest. By its definition it is a decentralized, interconnection of networks. On occasion a government in the real world may take an action that intersects with the Internet, but such actions are rare and the scope of that action is limited. No single real-world body effectively governs the Internet.
Instead, each business and organization with an internet presence has become a nation in the world of the Internet. Those virtual nations assume the roles, rights, and responsibilities of a government including protecting citizens (users) and their resources, making laws (policies), and punishing offenders. Business leaders and IT personnel must ask themselves if they can effectively take on these duties because if not, they bear the consequences and must account for cybersecurity incidents such as data breaches, commandeered IT equipment, and unavailable services. If governments, both real or virtual, cannot fulfill their duties, they are preyed upon but more powerful countries, cause discontent among its citizens, suffer severe damage, and can even collapse.
Real-world governments are climates in the Internet world. Just as people have learned to live in very pleasant and harsh climates all around the globe, companies are placed in a variety of climates based on real-world political influences. But instead of snow or heat, organizations face regulations. Some contend with privacy regulations. Others face data breach laws. However, these are just the circumstances of living in the real-world political boundaries, and not a direct governing body in control of the entire internet.
The Rise of Faceless Juntas
In recent years evil people realized that they can become more powerful and profitable if they allied themselves with other schemers. Born out of greed, crime groups abandoned the riskier shady business in the real world for the safer and anonymized world of the Internet. Real-world countries saw hacking as an extension of their espionage activities and established hacking operations. Like well-oiled machines, many of these groups have run themselves like a business with established processes and procedures to maximize their gains. With a powerful cyber army, they regularly plunder and enslave the weak nations of the Internet often without their knowledge.
3 Strategies for Survival
To effectively counteract these adversaries, companies must take three actions:
- Consolidate resources.
- Adapt resources.
- Make allies, trade, and share resources.
In 1781 the Articles of Confederation loosely bound the newly formed United States. Each state had retained most of the rights to govern and was effectively its own nation with a weak national government. Rebellions, inter-state disputes, economic strains, and disunion caused people to realize that a weak national government was ineffective to securing the rights of all citizens. In a paradox, states willingly gave power and resources to a national government which actually strengthened and rewarded all states.
Similarly, subsidiaries of an organization must realign resources with its parent organization. Businesses and IT personnel must understand that those they serve (customers, users, etc) benefit even when it looks like the child organization is giving up so much. Conversely, the whole conglomerate suffers when just a single part fails in their obligations. By consolidating, all organizations can benefit from economies of scale, reduced redundancy and waste, and scalable solutions. Consolidation also provides a more unified experience for users and customers. IT personnel can access the support and tools they need to more effectively fulfill their responsibilities. Finally, consistent technology solutions are far easier to defend than disparate, siloed systems. IT can no longer work in isolation.
Consolidation will naturally lead to a surplus of capital that needs to be reallocated and adapted. Those resources should go towards the parent organization’s unified IT solutions and defenses that in turn benefit the business units as well. It is expected that cyber defense receive a larger portion because many organizations typically neglected or understaffed their cybersecurity teams. IT employees should expect themselves to adapt and become proficient in their changing roles.
Make Allies and Share Resources
Just as countries become stronger when they make allies, a company must partner with other companies. This could be as small as sharing threat information, or as extensive as merging or even outsourcing IT and cybersecurity services. Whatever the approach, the teams must not be hindered in their communications or sharing and should have access to relevant data. Organizations cannot hope to adequately defend themselves by working independently.
Adapt to Survive
Although it is difficult and sometimes painful in the short-term, adapting to combat Internet threats will produce resilient organizations, drive expenses down, and instill trust. If an organization really does care about the people it serves, then it must endure the pain, embrace discomfort, and change the status quo.
One person can’t do it alone—A large enough number of the employees must catch the vision. Instead of putting up barriers and resistance, they will grease the skids and work to ensure the changes are successful. What will emerge is a more responsive organization with the aptitude, flexibility, and resources to defend against the modern-day threats.
Examine for a moment some tough questions business and IT employees should ask themselves.
Are all IT assets, resources, and data effectively being managed and protected with minimal waste and unnecessary redundancy? Are multiple people doing the same job but just in different departments? Do you have multiple but inconsistent policies, processes, or procedures regarding the same issues scattered across the orgniazation? Is your IT across all organizations structured in a way that inhibits or enhances fulfilling its responsibilities?
Do you think your team can effectively handle not just your day-to-day IT roles, but also defending all assets, servers, devices, data, and users from determined professional hackers? Do you feel your team is overworked and does not have all the resources it needs? Are you aware that you are accountable for the security of all documented and undocumented systems your users are using for business? Do you feel prepared to stop cyberattacks on your systems?
Take a Stand
It’s time organizations no longer allow themselves to be divided and conquered by hackers. Acknowledge the state of the Internet and yours and your organization’s place in it. Do some self-reflection and examine your organization to see how to adapt to the internet we now live in. A lot is at stake, and it may be up to you to change things for the better.