As a career soldier and construction engineer that culminated in becoming a one-star general with the Dutch army and first General Manager of the NATO Communications and Information Agency, Koen Gijsbers (right) brings a remarkable amount of varied experience to his role as Board Director of CyNation. Bearing this in mind, what lessons might his NATO work offer to businesses trying to cope with cyber crime?
As Koen explains: “NATO has more cyber attacks than the rest of the world put together. So the cost of the systems was less important than the risks involved. NATO should always be the last resort: even if nothing else is working, NATO should.
“Some of the thinking derived from my experience with NATO includes asking several key questions, including:
- How do I survive a cyber attack?
- What risk do I have in certain elements of my company or my supply chain?
- What is important?
- What value is at risk?
“Understanding the value at risk enables you to take measures. So you can:
- Do nothing! From an IT perspective there are systems that are less relevant to the company than others. Yes, they are nice to have, but there is less need to put effort into defending them, because the company won’t go down if something happens to them.
- Mitigate the risk, which means that you take a technical solution or training to fix things. Of course, this costs money.
- You can transfer the risk through insurance. But you need to have a good analysis of your own ecosystem and this includes your suppliers. You then need to translate this to the business.
“You need to translate the technical risk to the business risk and the business risk to the value at risk, so that you can make proper decisions of one of those three options. CyNation can play an important role in the supply chain analysis of risk.”
“The maturity of companies is also important. Less mature companies focus on their own risk and on their own IT. But then you see that one of the biggest attack factors in cyber security is the suppliers. Even companies with low maturity should take basic measures in order to understand how well their suppliers are protecting themselves and they are not just working in a vacuum.”
Take a look at Koen’s previous blog piece via the link.