Move beyond cybersecurity to take protection of your digital business to the next level
Beyond Cybersecurity: Protecting Your Digital Business arms your company against devastating online security breaches by providing you with the information and guidance you need to avoid catastrophic data compromise. Based upon highly-regarded risk assessment analysis, this critical text is founded upon proprietary research, client experience, and interviews with over 200 executives, regulators, and security experts, offering you a well-rounded, thoroughly researched resource that presents its findings in an organized, approachable style.
Members of the global economy have spent years and tens of billions of dollars fighting cyber threats, but attacks remain an immense concern in the world of online business. The threat of data compromise that can lead to the leak of important financial and personal details can make consumers suspicious of the digital economy, and cause a nosedive in their trust and confidence in online business models.
Understand the critical issue of cyber-attacks, and how they are both a social and a business issue that could slow the pace of innovation while wreaking financial havoc
Consider how step-change capability improvements can create more resilient organizations
Discuss how increased collaboration within the cybersecurity industry could improve alignment on a broad range of policy issues
Explore how the active engagement of top-level business and public leaders can achieve progress toward cyber-resiliency
Beyond Cybersecurity: Protecting Your Digital Business is an essential resource for business leaders who want to protect their organizations against cyber-attacks.
1 Cyber-attacks Jeopardize Companies' Pace of Innovation
All business investments require trade-offs between risk and reward. Does the interest rate on a new bond issue adequately compensate for the risk of default? Are the potential revenues from entering a new emerging market greater than the risk that the investments will be confiscated by a new regime? Does the value of oil extracted via deep-water, offshore drilling outweigh the chance of a catastrophic accident? Tough questions must be answered by weighing up the business imperatives against a calculation of the risk, and the greater the risk, the harder it is to make the case for investment.
Technology investments are no different. They, too, have always been a trade-off between risk and return. However, for enterprise technology, increased global connectivity is raising the stakes on both sides of the equation. The commercial rewards from tapping into this connectivity are enormous, but the more tightly we are connected, the more vulnerabilities exist that attackers can exploit and the more damage they can do once inside. Therefore, when a manufacturer invests in a new product life-cycle management system, it is making a bet that the system will not enable the theft of valuable intellectual property. When a retailer invests in mobile commerce, it is betting that cyber-fraud won't critically damage profitability. When a bank invests in customer analytics, it is betting that the sensitive data it analyzes won't be stolen by cyber-criminals. The odds on all those bets appear to be shifting away from the institutions and toward cyber-attackers. They could swing decisively their way in the near future given most companies' siloed and reactive approach to cybersecurity.
Our interviews with business leaders, chief information officers (CIOs), chief technology officers (CTOs), and chief information security officers (CISOs) indicate that concerns about cyber-attacks are already affecting large institutions' interest in and ability to create value from technology investment and innovation. Potential losses, both direct and indirect, reduce the expected economic benefits of technology investments, as do the high cost and lengthy time frame required to build the defense mechanisms that can protect the organization against a growing range of attackers. In short, the models companies use to protect themselves from cyber-attack are limiting their ability to extract additional value from technology.
RISK OF CYBER-ATTACKS REDUCES THE VALUE OF TECHNOLOGY FOR BUSINESS
Concern about cyber-attacks is already having a noticeable impact on business along three dimensions: lower frontline productivity, fewer resources for information technology (IT) initiatives that create value, and, critically, the slower implementation of technological innovations.
Lower Frontline Productivity
Compared to even a few years ago, companies have many more security controls in place that limit how employees can use technology. They prevent users from installing applications on their desktops. They turn off USB ports and block access to consumer cloud services such as Dropbox. They prohibit executives from taking their laptops to certain countries or require that the laptop be reimaged on return. Layers of security controls can even make turning on a desktop or laptop a prolonged and frustrating process at some companies.
Cybersecurity teams may have good reason to implement these measures. Unknown applications can contain malware that antivirus programs can't detect. USB ports can be a source of infection, and both USB ports and consumer web services can be a mechanism for inappropriately copying sensitive data.
Employees, however, can see such measures as draconian. Worse, they can directly affect productivity and morale. The salesperson can't hand a USB stick with a video about a new product to a potential customer. The executive traveling overseas has to spend time copying her contacts onto another disposable phone before the visit and is unable to access Skype from her laptop to speak to her husband back home while away.
Security controls also limit frontline experimentation, which has been the source of so much of the value users derive from IT. In the 1980s, the first bankers who started using Lotus 1-2-3 to construct pro-forma models didn't have approval from corporate IT. Twenty years later, IT had no idea that small groups of executives had started using Blackberries to communicate with one another. Today, such innovations would be an explicit violation of most large companies' information security policies.
As a result of these factors, 9 out of 10 technology executives say cybersecurity controls have at least a moderate impact on end-user productivity; in the high-tech sector, 60 percent say the impact on productivity is a major pain point. A senior technology executive at a large bank said that if the CEO realized how many hours were lost as employees struggled with security controls, "he would hang us all." The CISO for a high-tech firm said he was convinced that the security controls he had to put in place contributed to talented engineers leaving the company.
Unfortunately, in many cases, restrictive security controls do not even solve the initial problem. They can lead users to circumvent corporate IT entirely, ironically increasing the risk dramatically. For example, at one securities firm, many bankers became so frustrated by long boot-up times and other controls that they stopped traveling with their IT-issued laptops. Instead, they just bought cheap laptops with no security controls and used free web-based e-mail services to communicate with each other.
Even government employees find workarounds. In a 2010 survey of U.S. federal officials, just under two thirds said security restrictions prevented them from getting information from some websites or using applications related to their jobs. The solution: using a nonagency device to access the information they need. In fact, more than half said they accessed information from home instead of from the office to get around the security controls.1
Less Money for IT Initiatives that Create Value
Direct cybersecurity expenditures are small compared to overall IT budgets and business revenues, but cybersecurity still diverts resources away from IT projects that create value because of the downstream effects it has on other IT functions such as application development and infrastructure.
It is hard to get a handle on how much companies spend protecting themselves from cyber-attacks. Some security-related functions, such as firewall management and identity and access management (I&AM), may be located in security budgets or may be found elsewhere in IT. This, as well as differences in security posture, means that there is a large range in how much companies spend on their cybersecurity function. Most commonly, cybersecurity organizations represent between 2 and 6 percent of an IT function's budget, though we know of some companies that dedicate as much as 8 or 9 percent, typically those with stringent requirements or that are in the middle of large programs to improve their security capabilities (Figure 1.1).
FIGURE 1.1 Cybersecurity's Share of the Overall IT Budget Can Vary Widely, Even within One Sector
Although cybersecurity is growing more quickly than other areas of enterprise IT, direct cybersecurity expenditures do not appear to be that big an issue for most companies. While some of the largest banks and telecommunications firms can spend several hundred million dollars on cybersecurity, many other large companies spend much smaller amounts. For example, a $25 billion manufacturing company that devote...
Table of contents
Cover
Title page
Copyright
Foreword
Preface
Executive Summary
1 Cyber-attacks Jeopardize Companies' Pace of Innovation
2 It Could Get Better, or $3 Trillion Worse
3 Prioritize Risks and Target Protections
4 Do Business in a Digitally Resilient Way
5 Modernize IT to Secure IT
6 Engage Attackers with Active Defense
7 After the Breach: Improve Incident Response across Business Functions
8 Build a Program that Drives toward Digital Resilience
9 Creating a Resilient Digital Ecosystem
Conclusion
Acknowledgments
About the Authors
Index
EULA
Yes, you can access Beyond Cybersecurity by James M. Kaplan, Tucker Bailey, Derek O'Halloran, Alan Marcus, Chris Rezek in PDF and/or ePUB format, as well as other popular books in Business & IT Industry. We have over one million books available in our catalogue for you to explore.