Cybersecurity: shared risk, shared responsibility
by Augie K. Fabela II
One of the most important things to recognize about the Internet and about the digital age we are currently living in is that it isn’t simply the product of amazing technology. It is the product of the sharing of this amazing technology – sharing ideas and data on the one hand, and sharing networks and infrastructure on the other.
The sharing has brought immense and immeasurable benefits, by giving people access to unprecedented amounts of information and many unimaginable opportunities. It also brings security risks, which require critical stakeholders such as mobile operators to be able to quickly resolve crises, while also spreading responsibility for prevention across a broader range of network participants.
From my experience as Board Director and Chairman of the Board at VimpelCom, we need to ask the right questions to ensure the prevention of cyber crises:
- What systems do we have in place to guard against cyber-attacks?
- What teams do we have in place to ensure rapid response programs can be implemented to limit cybercrime?
- What processes do we have in place in the event of a crisis? Do you know what they are?
- What notification and decision-making escalation systems do we have in place that cross management levels and geographies?
- How closely are we working with our partners, cross-company and cross-interest, to ensure we are having the right conversations about what needs to be in place to identify, manage and counter cyber-attacks?
Given VimpelCom’s unique footprint, which covers markets with some continuing instability and conflicts, this is an area where we have much experience. Two cases are particularly illustrative: the first, where we fended off an attempted hack of Gemalto SIM data that involved one of our countries as a result of having had the right system in place beforehand—in this case, an additional layer of data exchange security. In the second, we had the ability to respond to a physical attack on one of our key business facilities that allowed us to make a decision that protected the entire customer database of one of our companies within 30 minutes. Without a pre-agreed and committed escalation process in place, we could have faced massive customer exposure and revenue loss.
Robust internal approaches to preventing and managing cyber crises can only go so far, however. A broader approach to shared responsibility for prevention is more important now than ever because the growth of the connected world is accelerating. All kinds of data are moving over to the cloud—the space where connections between systems become most critical. Mobile operators will need to take this very seriously as they move their own data to the cloud. It’s every bit as crucial to customers, as they rely on operators to manage and protect their data as they use it to engage with the people and institutions of their world.
Indeed, just as we are increasingly part of an ecosystem for developing digital services in the corporate world, we need to take a leading role in creating and sustaining an ecosystem for digital security. This means taking shared ownership of the security picture, participating in industry forums, cross-industry initiatives, and global platforms like the World Economic Forum, and keeping this high on the global agenda.
Without a collective, collaborative and innovative approach to digital security, we may fall short of delivering the true potential of what the digital world has to offer. The opportunities are too great for us to take that risk.
What do you see as your role in sharing responsibility for cybersecurity? And are there examples of effective behaviors or practices you would like to share?