Lalit Ahluwalia is the Founder and CEO of “DigitalXForce – Digital Trust Platform,” and “iTRUSTXForce -Outcome based Cybersecurity Services”.
Cybersecurity is a hot topic in today’s digitized world, and for good reason. A recent report published by Cybersecurity Ventures revealed that in 2021, the global cost of cyberattacks was $6 trillion. We should expect this number to grow in the years to come.
Here’s the gist: Cybersecurity experts act as physical law enforcement and border safety agents (police and military) in our traditional ecosystem by protecting digital assets from threats and attacks in a digital environment. However, many cyber experts offer solutions to organizations against attacks at “bank-breaking” costs.
Therefore, these opportunists thwart the true concept of cybersecurity as a solution open to all. By focusing on making profits and showcasing cybersecurity as a “money tree,” many cyber professionals have not only failed to make digital order accessible to all, but they have also failed to promote cybersecurity as a corporate social responsibility.
So, this begs the question: What if the “physical law enforcement” agents we know today worked for and favored privileged individuals over others? What if national defense forces worked only for money and to become rich without considering the populations they defend?
Think about it. Imagine the chaos such a mindset would bring to us all. Cybersecurity plays the same role in the digital ecosystem as law enforcement agents in the physical ecosystem. However, most cybersecurity professionals and investors are in the game for money, not to make a lasting impact by providing reliable security solutions.
Much like law enforcement agents, every business and individual deserves the same level of cybersecurity service. However, that is not the case. There are thousands of small and medium enterprises (SMEs) that can’t afford it and are relying on “check the box” exercises to meet their security needs. High-profile cybersecurity companies are most interested in larger enterprises that can afford them. This creates a massive gap that leaves cybersecurity inaccessible to the common man.
Consequences Of Making Cybersecurity A Money-Making Game
Because most cybersecurity professionals and companies prioritize money-making over corporate social responsibility, the consequences cannot be over-emphasized. Here are a few to keep in mind:
1. Prioritizing Short-Term Profits Over Long-Term Security
There is a temptation to focus on short-term profits by cutting corners on security measures, which leads to vulnerabilities that can be exposed to attackers and exploited by these bad actors.
2. Rise Of Cybersecurity Snake Oil
As the demand for cybersecurity products and services grows, so does the number of unscrupulous vendors who are willing to sell products that do not actually work. This can lead to businesses and individuals spending money on ineffective security measures that do not actually protect them from attack.
3. Lack Of Trust In The Cybersecurity Industry
No business operates successfully without trust. When we prioritize short-term profits over long-term security, there is a risk that people will lose trust in the industry.
The Ethics Of Money-Making Cybersecurity
In addition to these consequences, there are also a number of “ethical” concerns that arise:
1. Exploitation Of People’s Fears
When cybersecurity is used as a tool to make money, there is a risk that vendors will exploit people’s fears by selling them products and services that they do not need.
2. Commodification Of Security
When cybersecurity is showcased as a commodity, it leads to a loss of focus on the human element of security.
Is there a way out of this mess? Yes!
How To Avoid Digital Dooms Day
Securing the future of our digital world is not only an expectation, but it’s also a necessity. Fortunately, there’s a way out.
Here are some practical approaches to avoid this digital disaster day or digital dooms day:
1. Redefine Cybersecurity
We need to shift our focus from protecting systems from attack to building secure systems from the ground up and enabling digital trust.
2. Adopt Proactive Approaches To Cybersecurity
Organizations should be more proactive in their approach to cybersecurity. Waiting for an attack before implementing a robust cybersecurity program is like stepping on a time bomb before considering your safety.
3. Promote Communication And Openness
Sharing information about threats and vulnerabilities through various communication channels will help us to learn from each other’s experiences and build stronger defenses.
4. Create Awareness And Educate The Public About Cybersecurity
When people are aware of security risks and their role in a cyberattack, they will be more informed and prepared to take proactive steps to mitigate risks. An informed public will more likely not shop from cybersecurity snake oil vendors.
5. Make Cybersecurity A Priority In Businesses And Government
Businesses and governments need to invest in cybersecurity and make sure that their systems are secure.
6. Encourage Investment In Automated And Outcome-Based Cybersecurity Solutions
This means investing in products and services with a proven record of effectiveness, even in the face of sophisticated attacks.
7. Support Research In Effective And Affordable Cybersecurity Solutions
The reason for this is simple: to ensure that there are viable security solutions available for businesses and individuals of all sizes.
8. Hold Vendors Accountable For The Security Of Their Products And Services
Finally, let’s make a conscious effort to “arrest and rehabilitate” the bad actors behind the scenes in our society—cybersecurity vendors selling snake oil to the digital-naive world.
Cybersecurity Is A Call To Serve All
Cybersecurity is more than just a money-making game. Cybersecurity is a call to serve all. However, many high-profile companies and cyber experts fail to recognize the responsibility and instead prioritize the gains, leading to some consequences, including a focus on short-term profits over long-term security, the rise of cybersecurity snake oils and lack of trust, among others.
We can avoid digital doom and secure the future of the digital landscape by redefining cybersecurity as a corporate social responsibility and adopting proactive security approaches. It is high time to rewrite the trend. The time is now!
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?