There are two types of companies: those who have been hacked, and those who don't yet know they have been hacked.
Major players in every industry were plagued by security breaches or incidents in 2014, though only the most high profile attacks made their way into the headlines. We found that 100 per cent of business networks have traffic going to websites that host malware, and the number of cybersecurity incidents involving US government agencies jumped 35 per cent between 2010 and 2013. There is no indication that this is going to subside, and trends show that attacks continue to evolve in their sophistication and frequency. Because of this, it's no longer a question of if - but when - cybercriminals will get into our networks or data centres.
Last year at the World Economic Forum, I wrote about how the Internet of Everything (IoE) - a global nervous system of networks connecting people, process, data and things - would change the world. Now, one year later, we have already seen the impact. Wearable health and performance monitors, smart cars, smart grids, connected oil rigs, and connected manufacturing have begun to revolutionise the way we work, live, play, and learn.
A new approach to security
The Internet of Everything presents a US$19 trillion (S$25.4 trillion) global opportunity to create value. However, in the era of ubiquitous connectivity, security will be an even bigger concern. Simply extending existing IT security postures to the Internet of Everything will not be enough. A new approach to security, disruptive thinking and innovation is critical.
I urge today's leaders to consider the following:
By design, threats take advantage of trust in systems, applications, people and businesses. The reality is that there is no such thing as a trusted network or device, and oftentimes, people are the weakest link when it comes to threats entering an environment. While this might sound insurmountable, it's actually an opportunity for companies to approach security as a growth engine, by designing strategies that leverage technology and security expertise. We must look at security across the attack continuum - before, during and after an attack.
Every company is a security company
To maintain a strong level of trust with customers, partners and employees in this environment, businesses must think of themselves as security companies. While there is no such thing as a trusted network or device, a strategy that focuses on the core security issue - threats - will allow network defenders to advance beyond the abilities of attackers to address the extended network and evolving business environments.
Good leaders need to be unrelenting in their self-assessments of security: What controls do we have in place? How well have they been tested? Do we have a reporting process? What else should we know?
Security is no longer just a technology issue - it applies to everyone. It's necessary for technology and business leadership to align and discuss potential risks and work together to find solutions that protect intellectual property and financials alike.
Global vigilance and collaborative intelligence are crucial. With no common set of standards in place, the debate over Internet security is heightening around the world. Cybercrime is already flourishing in areas with weak cyber governance like in Eastern Europe. Eventually, this varied approach to security could lead to restriction of the flow of data across borders. A global dialogue among governments, society, and the private sector, can help create agreement on how to secure the Internet economy. Progress of the Internet Engineering Task Force (IETF) and other standards bodies are making the future look promising through collaboration, but ultimately, it's up to today's leaders to come together to solve cyber governance problems.
The Internet of Everything can transform our world, but to create meaningful change, we must rethink how we are going to make sure everyone can capture opportunities in a secure way. We must do this in a way that strategically positions security as a growth engine not only for each individual business, but also for the global economy. If everyone in the global community looks at security as a common cause that can bring us closer together, then we can also move forward together to address the technological and economic problems of our world.
The writer is the chairman and chief executive officer of Cisco and a participant at the recently concluded World Economic Forum annual meeting in Davos. This piece first appeared in the World Economic Forum blog, https://agenda.weforum.org/