29 Jan The Growing Surface of Attack and What Cybercrime has in Common with Street Crime [Q&A with Steve Morgan of Cybersecurity Ventures]
Trillion with a “T.”
Cybercrime damages will cost $6 trillion annually across the globe by 2021. That’s double the figure from 2015, which came in at about $3 trillion. It’s a number that’s calculated by an organization called Cybersecurity Ventures, a cybersecurity media property, founded by Steve Morgan.
As astonishing as those numbers are, Mr. Morgan believes the estimates are misunderstood. This is because he draws a parallel between street crime and historical population growth: as the number of internet users grows, so too does the surface area of attack and therefore cybercrime and the associated costs.
Mr. Morgan has a long resume in cybersecurity. He’s worked for vendors, he’s conducted high-profile research, and he has made many contributions to publishing around the web. In 2017, LinkedIn named him as a security influencer to follow citing the Cybersecurity 500 – an annual ranking of cybersecurity companies created by his organization.
We recently had a chance to catch up with him for our growing Q&A series with cybersecurity thought leaders.
1) Based on your research, what would you say are the top challenges in cybersecurity today?
SM: Retaining and recruiting “experienced” cybersecurity professionals, in that order. We are suffering through a worker shortage in our space – and there’s lots of opportunity for the more experienced people. You cannot ever take a senior cybersecurity staffer for granted. Money is only one part of the equation. The better people need to be challenged, work on cutting-edge platforms, and learn something new every day.
2) Year after year the cost of cybercrime damages rises even as organizations increasingly invest more in people, process and technology to head it off. Can you ever envision a time where these costs fall?
SM: Not for a long time. But many people misunderstand the figures. We are going through a natural evolution of cybercrime now – much like street crime and other forms of crime that evolved over long periods of time consistent with population growth. Cybercrime costs are a natural outgrowth of a massively expanding cyber attack surface. A few short years ago, less than half the world’s population was online. By 2030 we expect that 90 percent of humans over the age of six will be online. It’s not just about more sophisticated (cyber) weaponry; it’s as much about the growing number of human and digital targets.
3) All these numbers can feel overwhelming for business leaders. What advice would you have for the CEO or business leader trying to make sense of this data to make good decisions that will protect their enterprise?
SM: For large enterprises, invite the CISO into the boardroom so that you can truly understand the risks and how to become as cyber-resilient as possible. If you want to be a cyber secure organization, then you need to make it a boardroom topic.
>>> Also see this related piece: Four-Time CEO Says Corporate Culture is the Most Important Defense in Cybersecurity
4) Technology leaders charged with security – be it a CIO, CTO or CISO – can also feel overwhelmed by the growing responsibilities. What advice would you have for them that would help them in their role?
SM: This may not be a direct answer, but it will directly help the CISO and other senior executives cope with these responsibilities. Develop a peer network of other CISOs, etc. Now! The best CISOs I know – the ones that are most prepared and confident and are effective leaders – have strong peer networks. There’s power and knowledge in unity and collaboration. If I’m the CISO at a large healthcare system, then I should be talking to others in the same role. It’s like your personal life. No problem is too big to deal with if you have the proper support system in place.
>>> Also see this related piece: Leadership, Culture and Business Savvy: 13 Big Cybersecurity Ideas for the CISO by CISOs
5) Are there any new cybersecurity concepts or initiatives you find especially interesting and why?
SM: Girls Scouts of the USA. We named Sylvia Acevedo Cybersecurity Person of the Year in 2018. What she is doing with the Girl Scouts is truly pioneering. Here’s a podcast video interview we did with her. It explains. And here’s the evidence of her work – a video we filmed of 7-year-olds. These girls are incredible, and many of them will be our future cyber fighters.
6) Is there a question I didn’t ask, but you would like to address?
SM: Women in Cybersecurity. We see this finally moving in a really positive direction. We predict the number of women in our field is now at around 20 percent. And we expect it to go up from here. Women are half the world’s brainpower. Without them, we don’t stand a chance. With them, we’ll have the best corps of cybersecurity professionals.
7) Here’s a lightning round of questions to close out this interview:
- One security publication you read and recommend is… (SM) Sorry, but I can’t pick one. But these are our favorites. I read different media for their own unique coverage. For instance, our media focuses on the cyber economy and produces a lot of research. And we have special coverage of F500 CISOs. But we don’t break the news on hacks and breaches. A smart reader will identify their own portfolio to keep in the know. And we hope they’ll choose Cybercrime Magazine as one of them!
- One security expert you recommend following is… (SM) Scott Schober (@ScottBVS). He’s great and provides such a balanced view of what’s going on in the world of cybersecurity. Scott is the author of Hacked Again, a fantastic book for anyone in our field and especially small businesses. He is a guest host for us at times. On top of that, he’s one of the nicest people you’ll ever meet.
- If a CISO just received 10% more budget, you advise him to spend it on… (SM) A reserve fund for evaluating new technologies such as AI. You can never spend enough on prototyping security technology in order to cut through the vendor hype and truly understand how something will work in your environment.
- If you could attend only one cybersecurity event, it would be… (SM) RSA Conference. They earned it over many years. And they never stop working at it. But there are many great events. If I can throw a second one in there it would be a new entrant making a big splash – FutureCon, with 24 cybersecurity conferences in North America for 2019.
- If you weren’t working in cybersecurity, you’d be… (SM) At home with my 6 kids wondering why I ever left cyberspace.
* * *
You can engage Steve on LinkedIn or Twitter. In addition, Newsday recently published a profile about Mr. Morgan and Cybersecurity Ventures for those interested in learning more about him or his organization. Finally, you might enjoy the archive of cybersecurity cartoons Cybersecurity Ventures has published.
Note: If you’d like to be interviewed for this Q&A series, please send an email to media (at) bricata (dot) com and be sure to put “Q&A” in the subject line.
If you enjoyed this post, you might also like:
3 Reasons Why the Integration of Cybersecurity Tools is a Growing Imperative