Tuesday, 29 November, 2022

Pay Heed To Cybersecurity


The world is currently undergoing the fourth industrial revolution (4IR). The defining feature of the 4IR is the digital space where numerous sectors involve and conduct different activities. Transformation in this mode of performance has resulted in a massive shift in business and labour.

The formation, flow, and consumption of capital have gone digital. The digital disruption has not only brought forth new opportunities for companies to grow in quick time with unique services but also invited a host of new threats challenging business and organisational strength and integrity. As investment in innovation is on the rise, so are the companies in need to augment investment against new challenges. Organisations in any corner of the globe are facing hard times to cope with security challenges. The new form of security is evident - cybersecurity, which encompasses the computer and internet spheres. Comparatively, organisations, firms and companies with robust and resilient cybersecurity in place are capable to fend off the cyber threats while those lagging adequate agility and resilience in this regard are the butt of cyberattacks, thereby losing huge finances. Many factors determine the status of cybersecurity in any firm, e.g., the capacity of CEOs and employees, managerial skills and failures, behavioural science.

A spectacular book to learn more about the above issues is available -"Cybersecurity: Insights You Need from Harvard Business Review", a compendium of seminal essays on cybersecurity. Fourteen essays deal with emerging issues around cybersecurity, focusing mainly on private organisations. Written by eminent persons on the computer, security management, cybersecurity, privacy, information technology vulnerabilities, strategy and national security, the book is useful to build knowledge on how cybersecurity can be maintained in the IT-dominated world.

The competition gives an impetus to a thriving business. Competitive businesses earn pubic trust and make a huge financial gain. For this safety of products and quality of service are imperative. And, the safety and quality are determined by the measures the company/firm adopts to stay strong and resilient in the cyber system. Cybersecurity should therefore be the top priority of the companies at present. Safety of both software and hardware and of employees is key to functional organization. The breach of data and privacy of any firm is not a minor accident but a severe assault on the identity and sustainability of the system and the firm itself. In this regard, those to play a major role are obviously the CEOs. But mistakes and foibles on the part of leadership are to be blamed for attacks on companies. In the essay, 'The Behavioral Economics of Why Executives Underinvest in Cybersecurity,' Alex Blau writes how CEOs pay huge attention to outward threats to any firm while grossly ignoring the threats from his/her own employees in the office while many crimes are perpetrated by the employees themselves to damage the company/firm. Disregarding employees' behaviour is therefore a blunder in this complex, hyper-connected time.

Similarly, in another essay, 'Why Boards Are Not Dealing with Cyberthreats', writers J Yo-Jud Cheng and Boris Groysberg, argue that 'directors acknowledge cybersecurity as an urgent global issue, but they are failing to make a connection between the pervasiveness of cyber threats and their companies' vulnerabilities. They suggest the boards raise cybersecurity-related related questions, even if they don't know the answer; make cybersecurity debriefings a regular agenda item at board meetings; advocate for investments in data security and risk management infrastructures within the organization, and bring external cybersecurity experts as consultants for full board members. In this essay, the writers have highlighted how the CEOs are still belittling cybersecurity despite seeing it as a global threat. Needless to say, their recommendations are helpful to protect the institution's properties and retain its image.

Dante Disparte and Chris Furlow emphasise better training to employees and preparedness to ensure cybersecurity. They wonder about the dearth of cybersecurity readiness. They assert, 'As the scale and complexity of cyberthreat landscape is revealed, so too is the general lack of cyber security readiness in organizations, even those that spend hundreds of millions of dollars on state-of-the-art technology.' According to them, the major sources of cyberthreat are not however technological. 'They are found in the human brain, in the form of curiosity, ignorance, apathy and hubris. These human forms of malware can be present in any organization.' These lines substantiate the reality that technology alone is not the solution or the problem. Human curiosity is both the cause of destruction and creation. As curiosity sometimes breaches the system, apathy equally leads to breakdown. Addressing human shortcomings is suggested by them to curb cyber threats.

It may sound minor or simple- we often click 'Remind me later' when it pops on screen, but it cost dear. Talking about the bad habits of employees, Alex Blau again writes, 'When it comes to updating our computers and devices, we're often provided with an easy "out" in the form of a "remind me later" option. It is a stronger reminder indeed for every one of us who use a computer daily. How ignorant we are to avoid the updates on our digital device/system on time and get hurried only when the message of 'your anti-virus time is expired.' As the writer said, it has a direct bearing on your device and data. Until the time we update anti-virus, various data might have been breached or the software corrupted in our ignorance. Other essays in the book also remind us of other human failures and blame technology when it comes to cyberthreat.

The book is an essential read for bankers, managers, IT professionals, entrepreneurs, CEOs, businesspersons, security officials, and employees. As Nepal is also aspiring to be digital Nepal, this book can be a captivating guide to stay aware, prepared and resilient for any firm or company. Cybersecurity is not just for the safety of digital property, but also for the smooth functioning of the system and credibility of any business and industry, the book emphasizes. The book with 158 pages is published by Harvard Business Review Press. Its' price is Rs 958 in the Nepal market.