ESSENTIALS FOR LEADERS AND THOSE THEY LEAD
Gas pipelines. Dams. Water supplies. Movie studios. Hospitals. In recent years internet hackers and ransomware agents have demonstrated that they are nothing if not eclectic. Also, stealthy and immensely capable. The proliferation of ransomware attacks this year and efforts to prevent them should hold the attention of anyone with access to a computer keyboard. This week let’s gather the experts for a leader’s primer on the state of this growing threat.

Not so long ago, computers mostly stored data locally. But as digitization and connectivity spread to define much of our lives, so did the software code that powers them. When hackers find software errors in that code, they can gain unfettered, invisible access to networks. They call the glitches for which there is no existing patch “zero-days” (pronounced “oh-days”) because at the moment the flaw is discovered, it’s been zero days since the software developer has detected it and figured out a defense for it. As opportunities and capabilities have grown, hacking, once almost the exclusive domain of state-sponsored spies, has become popularized and has produced a burgeoning worldwide black market in software bugs. Attacks on critical infrastructure, once known only as acts carried out by nation-states, have also now moved into the crosshairs of ransomware actors, necessitating steps to better align and protect the vulnerabilities of not only IT systems but also the operational elements of assets such as gas pipelines and water treatment plants.

That’s the definition of “hacker” in The New Hacker’s Dictionary, as provided by journalist Nicole Perlroth in her book This Is How They Tell Me the World Ends: The Cyberweapons Arms Race (Bloomsbury, February 2021). Victims might take exception to that definition and the hacker’s ethics, but it’s also clear that some of history’s most revered entrepreneurs fit the bill, and today, many institutions ironically rely on them for their digital security. A review of Perlroth’s work in the New Yorker profiles the zero-day mercenaries and recounts the widespread challenges governments and companies face (even the infrastructures of COVID-19 testing, care, and vaccination development have not been off-limits during the pandemic).

“Cybercrime is becoming industrialized,” says John Noble, the former director of the United Kingdom’s National Cyber Security Centre. “Vulnerabilities are identified by one set of groups that then share the information with criminal groups.” In this podcast with McKinsey partners Frithjof Lund and Wolf Richter, the trio explore the new challenges facing corporate boards and executive teams—as the vulnerabilities of digitization spread to new industries and companies face new risks from the expansion of remote work—and why cybersecurity can no longer be safely considered only the responsibility of chief information officers.

It’s about more than just tech

For most executives and teams, the cybersecurity challenge is a real-world threat wrapped in indecipherable computer code. But for leaders, it is crucial to understand that the responses must go beyond purely technical ones. Readiness can also mean low-tech exercises: reviewing your incident-response plans, defining your communication alternatives, and checking your insurance policies. And when it comes to people, educating employees rather than building barriers that close them off from information can create a much healthier and more cohesive organizational response to cyber crises.

— Edited by Bill Javetski, an executive editor in McKinsey’s New Jersey office
Copyright © 2021 | McKinsey & Company, 3 World Trade Center, 175 Greenwich Street, New York, NY 10007