People who don’t have to do it seem to not understand the nature of the cyber threat. This very short summary is intended for everyone who is responsible for it to hand to everyone else to help start a conversation and gain mutual understanding.
The 6 questions people are commonly taught to ask are: who, what, where, why, when, how. I will be answering them at a very high level and very briefly…
Who:
The threat actors include everybody and everything, individually and in groups. Anybody is or can become the cause of failures in cybernetic systems that we have come to depend on.
What:
There are lists of 100+ generic sorts of things threats can do, with millions of new specific instances per year deployed, detected, and potentially causing harm.
Where:
Threats come from anywhere and everywhere, including inside and outside everything and everyone we depend upon, and they can cause harm directly or indirectly anywhere.
Why:
There are many different motives ranging from insanity to money and power, revenge, religion, and the list goes on and on. There are always reasons.
When:
In time scales ranging from milliseconds years, 24 hours a day, 7 days a week, every day and night, at programmed through randomly selected times, many at once, always, and forever.
How:
From trivial one-time acts through complex planned and adaptive sequences of acts, and exploiting prior accidental and/or intentional and/or induced acts of others and circumstances.
It’s not paranoia
Fear is not paranoia if they really are out to get you. And history shows that they are. Who is that? See above. What might they do? See above. Why, where, when, how? See above. What history is that? Start by reading the 10,000+ incidents from the Risks forum and go from there. Look in the media. Look at what’s happened to people you know. Study it and find out. Or you could just trust me…
Conclusions
It is simple really. There are overwhelming forces fighting against anyone with something worth protecting in the cyber world, and we all have things worth protecting. We do our best, but realistically, we can never be good enough. Just as good as we can be.
Click Here to Enroll for an Online Certification Course in Trust Architecture