As the news from Ukraine and Gaza shows us, war affects everyone. In addition to land, sea and air battlefields, wars are now fought in space and in cyberspace. Kevin Lynch, a Forbes Council member and CEO of cyber advisory firm Optiv, addresses the "fifth battlefield" of cybersecurity in a Forbes post (https://www,forbes.com/sites/forbestechcouncil/2023/12/05/cybersecurity-the-fifth-battlefield/?sh=225a3af22275).
Just as the armed services train for physical warfare, cybersecurity first responders must build and maintain resilience for cyber warfare. Lynch describes the fundamentals of a strong cybersecurity program:
- Prioritize the human element. Generative AI has made phishing and social engineering attacks more believable. Criminals (including states and state sponsored groups) can use these attacks to steal data, shut down systems and disrupt the economy. People are the first line of defense and need to be aware of the threats. Training needs to be frequent and focused on threat awareness, cyber-safe behavior and reporting of suspicious activity. Companies must prioritize cybersecurity "from the boardroom to the mailroom".
- Build enterprise resilience. Cyber attacks will happen. In order to recover quickly from a data breach, all business departments must identify critical assets - systems, data and applications - and the business processes they rely on. Quick and accurate response to cyber attacks requires mastery of security fundamentals including encryption, multifactor authentication and patch management, and developing and practicing an incident response plan.
- Form coalitions. Most threat actors are nation-states and organized crime groups. Individual organizations need trusted partners - public and private - to build a strong defense.
Organizations must be proactive and focus on people, processes, technology and partnerships to reduce systemic risk and build resilience.