I found this article from last year’s World Economic Forum and it got me thinking. In it, Ken Xie, CEO of Fortinet details what is necessary for Cybersecurity to be successful. Did 2020 change any of these challenges or did it accelerate them? He starts by saying three “truths” for security:
- Cybersecurity must be built-in to every product and system.
- Achieving this will pose four challenges for business leaders.
- By overcoming them, we can create a truly protected digital world.
This first “truth” is something I have restated to every technology provider and partner over the last year. Security has to be built into every product we make and not something that we rely on an outside provider for. Too many products have no security features in the rush to get them to market at the lowest price. In making that concession, we expose the data of our customers and possibly our partners. There are allegations that this is the case with Solar Winds: that cost cutting drove them to do software development in countries that did not keep the source code secure. The other side of this though is that customers need to make security spending part of every product. Security features must be demanded and security innovation should be recognized. Instead many customers also fall into the “cheapest” argument and buy simply because it saves money but in the end, it also exposes them to new security threats.
The four challenges expressed by Mr. Xie are as follows:
1) Real-time information sharing
2) Widespread collaboration in cybersecurity
3) Creating and promoting a common vision for integrated cybersecurity
4) Promoting the technology platform we need to make this work
These are profound in their simplicity and yet I continue to ask the question every year: Are we more secure this year than last? Are we closer to a protected digital world? Cynicism in light of the recent breaches would lead me to say no and yet the silver lining out of these attacks is that there was some collaboration which revealed the depth of the attack. FireEye revealed its own breach and in their investigation, revealed the deeper trouble with SolarWinds. I am not so sure the same thing would have happened five years ago. I commend FireEye and their leadership for being transparent and in helping to expose this massive breach.
So where do you feel we are as a country? Where do you feel we are on this roadmap towards a more secure digital world? Can we ever reach this lofty goal? Does every country have the same goal in mind?