Marc Groz is an independent inventor and author of Forbes Guide to the Markets. He has lectured worldwide on his inventions, whose applications include risk measurement and mitigation, cyber resilience, and economic development.
Christopher Skroupa: What are the elements of a resilient cyber organization?
Marc Groz: Cyber resilience is comprised of technical and human/cultural dimensions. A great deal of effort is being made to bolster technical cyber resilience, by private and public sector initiatives and private/public partnerships. One promising approach is Project Clean Slate, which is working to create an intrinsically secure cyber architecture. In marked contrast, we are only beginning to address the human/cultural side of things. If we fail to address this side of the problem, our best technical efforts may go to waste.
Skroupa: The technical side seems daunting enough. Is it really necessary to address the human/cultural?
Groz: Yes. Imagine that a firm has implemented robust technical cyber architecture. It automatically defeats a wide variety of cyber attacks, and flags new technical vulnerabilities for analysis and mitigation. Even such a firm will remain highly vulnerable so long as the human/cultural dimensions are not addressed. The best locks in the world won’t keep out an intruder, if that intruder has an accomplice inside. That accomplice may be witting or unwitting. In a sense, we are all unwitting accomplices when we fail to follow best practices, and our IT departments unwittingly enable the bad guys when they fail to train users in effective cyber practices.
Skroupa: When deploying new cyber resilience systems and methods, how can an organization improve the uptake speed with which such innovations are adopted?
Groz: By setting the right tone at the top, by combining proper training with proper incentives, and by continuous improvement made possible by careful observation, feedback, and learning, such as happens when playing a well-designed game. Gaming technology has enormous, as yet untapped potential to redefine the cyber posture of organizations of all sizes. Computer games that teach cyber best practices already exist, but need to be more tightly integrated into organizational processes and workflow. Much more can be done to incentivize users to be vigilant.
Skroupa: How do cyber security failures fit into this framework?
Groz: Failures can act to powerfully facilitate learning and behavioral/cultural change. One still hopes to avoid most of them, particularly the severe ones! “What doesn’t kill me makes me stronger.” Games that involve simulated cyber risks may be particularly well suited to preparing for the real thing.
Skroupa: How do you see the medium and long-term prospects for cyber resilience in organizations?
Groz: Depends on the organization! Enlightened leadership at the board/CEO level is the key. Recent (and presumably forthcoming) cyber failures will galvanize such organizations to do what it takes to achieve cyber resiliency. Enlightened leadership joined with innovative cyber/gaming technologies and well thought out incentives is a strategy for cyber success.
Serhat Cicekoglu, Director of Loyola University Chicago Quinlan, Center for Risk Management, adds: “The culture of a company and its attitude towards cyber security is pivotal for not only preventing a cyber-attack, but also for preparing to respond effectively after the fact. This requires executives to understand the wide range of attack scenarios and the probability of how they might be employed by attackers. New tactics are constantly under development by attackers from all corners of the world, changing the game of risk every day. The best line of defense afforded to companies is increased resiliency. And to increase resiliency, companies should consider the power of simulation technology. These highly sophisticated games offer executives needed diagnostic capabilities, empowering them to respond to cyber vulnerabilities and best manage against them.”
On October 14, 2014, The Loyola University Chicago, Quinlan School of Business, Center for Risk Management Executive Dialogue Series will host its first in a series of seminars on Resilience—Big Data and Cyber Security. Join Serhat Cicekoglu, Marc Groz and a select group of 25-35 internationally renowned experts on Resilience: Big Data and Cyber Security October 14, 2014. To inquire about attending, contact firstname.lastname@example.org.