This is the ninth in a planned series of exclusive columns former Cisco Executive Chairman and CEO John Chambers is producing for The Innovator. Chambers, who is widely considered one of the best performing U.S. CEOs during his 25+ year tenure at Cisco, helped grow the company from $70 million when he joined in 1991, to $1.2 billion when he became CEO in 1995, to $47 billion when he stepped down as CEO in 2015. As Executive Chairman, a position Chambers held until December 2017, he led the Board of Directors and provided counsel to the CEO and leadership team on strategy, digital transformation and strategic partnerships, Chambers oversaw 180 mergers and acquisitions during his tenure at Cisco and managed the company through multiple economic downturns He currently runs JC2 Ventures as CEO and serves as an advisor to heads of state, including France’s Emmanuel Macron and India’s Narendra Modi. In this column Chambers talks about how corporates should think about cybersecurity.
Last week the French government’s chief cybersecurity agency, the National Agency for the Security of Information Systems (ANSSI), revealed that hackers – suspected to be part of a Russian cyber-espionage group nicknamed “Sandworm” – spent up to three years exploiting a vulnerability in software designed to monitor applications, networks, and systems. The multi-year intrusion campaign, which dates back to 2017, resulted in backdoor attacks on at least 15 French “entities,” via software from French IT company Centreon Systems. Centreon said only those using an obsolete open-source version of its software were affected. The discovery of the Centreon attack comes as more details are emerging about the SolarWinds hack in the U.S., which was discovered late last year and impacted at least nine different government agencies and 100 companies. The U.S. attack also involved exploiting vulnerabilities in an IT company’s software and went undetected for a long period of time.
These breaches in France and the U.S. demonstrate why cybersecurity should be one of the top three issues being discussed in every boardroom around the world. For business leaders, the number one priority today should be determining how digital can help the company with profitability, economic growth, and survival. Immediately following, CEOs and their teams should address how a company can change its business models to use new technologies like the Internet of Things (IoT), artificial intelligence, and edge computing. Then, there needs to be discussions and decisions about cybersecurity. Every time progress is made on a technology, an equally challenging and complex set of security challenges is sure to follow. As we move into the future, this issue is expected to be exacerbated by the tremendous opportunities accompanied by digitization. Every country, every state, every city, and every company will become technology driven. This means that the exposure to outside threats will only be magnified. When data was centralized, companies could put a wall up to prevent hackers from violating the castle. Now, with data moving to the edge, the problem is that every company is going to have thousands of castles to protect and in order to violate these castle, all hackers need to do is find the weakest link.
It is because of this reason that we need to move from traditional endpoint security to next generation cybersecurity solutions. One example of a company enabling and leading this transition is my latest investment, Virsec Systems. Virsec is tackling this problem by allowing companies to implement “application-aware” security controls in on-premises, cloud, and hybrid environments. Their approach is to watch for an abnormal flow of workloads, either within a company’s own data center, its own cloud, or across clouds. Virsec has, to the best of my knowledge, developed the only security product that prevented the SolarWinds attack in their installed government accounts. Another cybersecurity startup, SAFE Security, which JC2 Ventures invests in, has a unique approach, enabling organizations to predict cyber breaches in their environment, by contextually aggregating signals from existing cybersecurity products, external threat intelligence, and business context. This information is then translated into a cybersecurity score between 1 and 5. Whether it’s determining how secure your mobile device is or rating the security systems inside of a large company, the CEO – or even individual consumers – can understand if they are prepared or not. Another of my portfolio companies, Privoro, specializes in hardware-based mobile security, protecting data on Apple and Android phones from surveillance.
However, technology can only get you so far. We can never underestimate the importance of people and process. The majority of security violations occur when people inside companies do not follow established protocols and procedures. It is crucial that you not only have processes in place, but also that you ensure everyone, including the CEO, follows them. This will help if you do happen to get hacked – you will be one step ahead and more easily able find where the vulnerability occurred, so you can focus on your crisis management plan. You’ll be better prepared to regularly communicate updates on progress to your board, your shareholders, and the media. You will be confident and ready to paint a picture of what the company will look like when it emerges from the crisis and then build back better.
To access more of The Innovator’s Chambers With A View articles click here.