(WSJ) Cybersecurity consultants with corporate experience offer an overview of cyber defenses today and tomorrow.
Many U.S. corporations have learned how to defend themselves from cyber criminals and even hackers deployed by hostile countries. The most quoted line at cybersecurity conferences has long been that there are only two kinds of companies: those that were hacked and knew it and those that were hacked and didn’t know. But now, there is a third type of company: the “cyber-resilient” firm that suffers little or no damage when malicious hackers penetrate its network.
Not so long ago, the technology didn’t exist to permit companies to robustly defend themselves from cyberattacks. But now, by deploying dozens of specialized cyber-defense tools, some companies are minimizing their digital risk. The resilient companies usually share three qualities. First, their governance models don’t bury their chief information-security officers but give them direct access to their CEOs and boards. Second, these firms create an internal “culture of security,” largely through awareness and training programs. Third, these companies spend more on cyber defense—often 8% or more of their IT budgets.
Some of today’s cutting-edge technologies offer opportunities for both cyber attackers and defenders. Artificial intelligence is already being used to defend networks but is rumored to also be in use for automated attacks. The vastly faster processing speeds promised by quantum computing may make it possible to design more secure networks but might also be used to break the encryption upon which cybersecurity depends. The Internet of Things (which would connect everyday systems and objects to the internet) and 5G networks may be timesaving social boons but will also bring online many devices that haven’t been secured—and, in some cases, cannot be.