It was a catastrophic Christmas for retailer Target, which had to admit that its customer data was hacked, resulting in the theft of close to 40 million credit and debit card records and some 70 million other records holding customer information. That was followed by news of a breach of luxury retailer Neiman Marcus’ data, which caused more than a million credit and debit cards to be compromised.
Last year, giant corporations including the New York Times, Wall Street Journal, Apple, Facebook, LinkedIn, and Twitter reported security breaches, while hacking has also hit the governments of South Korea and China. Given this track record, it’s clear that no one is immune, and every organization must be on the offensive to ward off attacks. In a very real sense, these are acts of war—cyber war.
When it comes to war, it’s not uncommon to hear people quote the ancient Chinese military general, strategist, and philosopher Sun Tzu, whose tenets apply here. As he wrote:
“If you know the enemy and know yourself, you will not be imperiled in a hundred battles; if you do not know your enemies but do know yourself, for every victory gained you will also suffer a defeat; if you do not know your enemies nor yourself, you will succumb in every single battle.”
Add to that, “Speed is the essence of war.”
I look to these among his 144 famous quotes because they reflect the key aspects of good governance in the age of cyber warfare. Knowing your enemy and yourself means you understand their vulnerabilities and strengths just as well as you understand your own. It means you have threat intelligence, and with situational intelligence you can achieve speed.
Technology is the weapon of choice in cyber warfare, and between the two sides it’s become the equivalent of an arms race. But despite the fact that most organizations have the best technologies in place, they’re either still under attack or they fear the potential for an attack. All of which suggests that it’s not so much the technology that needs reassessing as the governance around people and processes.