Cybersecurity is a team effort — one of those soundbites often heard in the cyberspace industry, usually mentioned in connection to the need for more public-private partnerships. What it really means, as MainNerve CEO Bruce Parkman likes to say, “We’re all in this together.”
Much like the reasons behind creating fire departments in the 1900s, we all share the risk of a flare up of cyberattacks and data breaches, caused by our proximity to each other through Internet connectivity — and we all share the responsibility for solving the problem.
Did you know that there are Darknet vendors who sell criminal cyber wares, hacking-as-a-service, denial-of-service-as-a-service, and do-it-yourself hacking kits? It’s possible for criminals to scan every country’s existing networks to locate vulnerable network access points — and hackers can do it within hours. That means that big, medium or small, any business connected to the Internet has roughly the same risk of getting compromised. Security by obscurity does not work when the attack method is a dragnet.
Is the sky falling? Cybersecurity is certainly a front-burner issue. Depending on which report is cited, cyberattacks cost the global economy several billion dollars every year, the direct costs of cleaning up the mess, consumer impacts, fraud and loss of intellectual property.
The problem is compounded by the human factor. For instance, a company performs all the necessary cybersecurity due diligence — a very important step from fiduciary and legal risk dimensions — yet it risks compromise from a staff member clicking on a phishing email or a vendor tying into a corporate portal with a compromised device. The risk from the supply chain is precisely how Target was breached. In short, the connectivity that brings us LinkedIn and Twitter, also introduces attack vectors.
CEO Parkman outlined what’s needed to succeed: “If cyber is to be the future of Colorado Springs, we all need to be in this battle together. Right now, the private sector has taken the lead, but local and state governments should assist if they want this vision to become a reality.”
In other words, what’s needed is a community-based, social-enterprise marketplace.
New marketplaces are emerging from Internet innovation all the time. Just look at social media and social networks, online sales and content distribution. Perhaps Bitcoin is the best depiction of an analogous marketplace. This marketplace has exchanges, retail users, trust-chain architectures and unique Bitcoin mining partnerships.
What’s the social enterprise aspect? Many startup businesses today, especially those created by Millennials, are formed with societal gain as part of the business objectives. Above a financial gain, they want to change the world for the better. At times, social enterprises draw from a long-term business strategy about participating and contributing as a boat-owner in a rising sea.
The social-enterprise connection to cyberspace resilience is: “We’re all in this together.” The leading feature of an ecosystem for cybersecurity is sharing information about threats. However, to establish a sharing economy for cyber-threat information, every part of the chain must be trustworthy. And that’s where social enterprise enters.
Too many cybersecurity vendors and community leaders broadly envision cybersecurity as a tremendous growth engine without defining and mapping the emerging markets. In truth, the cybersecurity market potential is immense; however, the starting point for community economic development is the social enterprise. That is, the marketplace for sharing is not itself a profit center. Why would any company contribute data that results in someone else’s profit?
Perhaps many companies might, if the value of the service outweighed detrimental factors. However, the ecosystem should be the community fire brigade: Nearly everyone needs to be involved. To achieve that level of participation, the leaders must be trusted as organizations, as well as having cyber-centric trust controls both architecturally and operationally. Economic development occurs in many ways and successful businesses are part of it. For cybersecurity however — at least within the emerging cyber threat information sharing ecosystem — the community needs to pursue a social-enterprise strategy to truly distinguish itself and benefit all its future ventures.
Doug DePeppe, co-founder of the Pikes Peak Cyber Champions forum, is a retired Army cyber law attorney who supported military operations in cyberspace, and served as part of the White House 60-day Cyberspace Policy Review. He can be reached at email@example.com.