Who should keep the Internet safe?

The Internet is constantly being manipulated by various forces for social, political, ideological, economic and military interests. Governments are striving to regulate its use, corporations are trying to build impermeable commerce platforms, defence forces are building cybermilitary capabilities, criminals are continuing to deploy malware and hacktivists are promoting their ideological campaigns. On multiple fronts, the Internet is faced with new risks that have a profound impact on corporations and online commerce.

Recently, we have seen numerous instances of major organizations being compromised. In one case, hackers spied on a large consumer product firm for nearly a decade through covertly installed spyware. Top company executives were targeted and their passwords stolen, allowing the hackers to access confidential business plans, reports, e-mails and other documents.

Such cyberattacks not only demonstrate a lack of technological preparedness, but also inexperience in managing the reaction of their customers and clients. Corporations need to commit to investment and collaboration that will ensure that their customers are safe and protected from cyber risks. Consumers need a safe and trusting marketplace and the corporate world has a responsibility to provide one.

Securing an organization online is, without doubt, complicated. Priorities can change quickly due to new emerging threats or increases in vulnerabilities often introduced by businesses seeking short-term financial gains. This rapid adoption of new technologies, driven by the rise in online commerce, has often come at the expense of businesses being prepared for cyberthreats.

A recent survey of chief executive officers showed that cyber risks are ranked as one of the lowest business risks, while government agencies such as the FBI rank these at the highest levels, only one level below nuclear threats. It would be interesting to understand why businesses do not share this assessment of the dangers posed.

Corporations need to ask themselves if they are paying enough attention to cybersecurity. Even if their industries haven’t been the focus of prior Internet attacks, ignoring the problem could lead to corporate failure. CEOs should make cybersecurity a boardroom issue, and cooperate with consumers, civil society, governments and among their businesses on sharing cyber risk information.

Author: Lucius Lobo is Vice-President and Global Head, Security Services, Tech Mahindra, India. He is a member of the World Economic Forum’s Global Agenda Council on Internet Security

Pictured: A monitor displays an attacking team’s progress during a drill at a Department of Homeland Security cyber security defense lab at the Idaho National Laboratory in Idaho Falls, Idaho, September 30, 2011. The drill consisted of a team trying to exploit and take over an industrial control network while the other team worked to fend off the intrusion. REUTERS/Jim Urquhart