Cyberwar; What boards and restructuring professionals need to know
“Data breach and theft losses run into the hundreds of billions of dollars each year, in addition to the incalculable loss of mission critical intellectual property.”
We who have labored long in the world of rebuilding companies are accustomed to harrowing periods: no cash, bellicose vendors, furloughing or firing employees. Now, however, we face a hidden enemy, the cyber attacker, whether thief or terrorist. How do we up our game to deal with these unfamiliar attacks?
First, recognize the stakes. Data breach and theft losses run into the hundreds of billions of dollars each year, in addition to the incalculable loss of mission critical intellectual property. Whether millions of customer records or the precious plans for the F-35 fighter jet are stolen, the cost is catastrophic in time, effort, and, of course, billions of dollars. And we have not even mentioned attacks on critical infrastructure. Sudden death is more than possible.
Estimates suggest we are creating 2.5 quintillion bytes of data each day in our companies. Efforts to protect that data are rapidly matched by efforts to steal or damage it. Investing in avoiding breaches, therefore, may be fruitless and distract the critical resources needed to respond to attack and remove the immediate threat. Whether acknowledged or not, few companies of scale have NOT experienced a breach.
Second, respect machine learning tools. Progress in using artificial intelligence has been exponential; these tools are mission critical for navigating the cybersecurity storm. They help find the attacker fast, reducing dwell time and giving the attacker less of a chance to cause devastation. Though we face a shortage of skilled cybersecurity professionals, the United States also has extraordinary scientists and programmers and many of the things they are doing are changing the game.
Third, share information. Cybersecurity is the ultimate team sport. We are all in this fight together. It is time to act, and there is no better time than right now. The "Cybersecurity Information Sharing Act" (CISA) encourages private entities to voluntarily report any hacks, suspected hacks or other cyber threat indicators that they experience to the Department of Homeland Security (DHS).
Once notified, DHS is empowered to facilitate the timely sharing of threat information and defensive measures with the business community. The goal is to create a real-time notification procedure for the dissemination of existing and potential cyber threats, and to head them off before they reach additional targets.
Importantly, CISA contains liability protections for private entities in connection with both threat monitoring and information sharing. Information collected or received in connection with cybersecurity monitoring under CISA cannot be used for other purposes, thus securing good compliance systems is important.
Finally, accept responsibility for this often arcane and confusing field. Our freedom, our individual liberties, our economic independence, and our national security are inextricably intertwined with the strength and security of our computer and cloud networks. We cannot have liberty and national security without network and cloud security. We in the restructuring industry are particularly well suited to helping our clients and theirs rise to this increasingly significant challenge.
Deborah Hicks Midanek
Independent Corporate Director and President, Solon Group