Lieutenant General Sir Graeme Lamb is a former director of UK Special Forces and Commander of the British Field Army. Sir Graeme is the Chairman of ITC Secure Cyber Advisory Council.
In this blog, Sir Graeme sets the context from a geo-political perspective and urges businesses to take stock of ground realities as they build cyber security resilience.
An informed framework is necessary to help businesses understand the big picture and take measures to mitigate risks. When businesses are aware, they are better prepared to harness new technologies and realign strategies to combat risks.
In fact, knowing and being aware are crucial to the state of preparedness to build resilience, ensure business continuity and deliver intended outcomes despite cyber attacks, natural disasters and economic downturns. This year’s Global Cyber Security Outlook by the World Economic Forum reveals concerns about an increasingly fragmented and unpredictable world. Thanks to the geopolitical instability, there is increased awareness of cyber threats.
Context setting – importance of knowing
Let me emphasise the importance of understanding the context. Information becomes wisdom only when there is context — it is so easy to get wrapped up in our existence that we forget about the larger world we live in, but business resilience means we must account for the context and take measures to address it.
Given my military background, let me refer to a scenario when one steps into a live minefield. The most important thing to survive the mines is to stop right there and then—the pause is necessary to assess the surroundings and decide on the next course of action. A pause helps us to reframe the conversation and move beyond what we see and consider macro events that has implications for business.
We have to take into cognisance that businesses are operating in a minefield of risks, uncertainty and many unknowns. In military operations, we have the practice of stepping back to get a long view of things. It serves businesses to pause and take stock of things, assess what reserves are in place and keep a watch to ensure defences are holding up in the face of uncertainty.
The best leaders are ready to hear and listen to a wide range of information to understand implications and get cues for the best course of action. This applies to military, business, and in cyber security.
The state of the nation
By any measure, we are living in interesting times with persistent uncertainty and developments that can likely cause disruptions.
In a joint statement by President Vladimir Putin and President Xi Jinping on 04 February 2022, they outline their view of a world order. It is wonderfully insightful in that they talk about democracy and how they want to develop to bring about that state. Those perspectives are important because they are part of this disruption.
Right now, Putin is not losing in Ukraine. In fact, he is cash rich from the increase in gas and oil and prices. But he has a long-term problem because he has lost out the European and Western market and has a restricted market for oil, gas and minerals.
On the other, China is interesting because it requires the European and American economies to be successful because they are its market. Recently, the country went from zero tolerance to opening up everything in the blink of an eye when it realised that was hurting the economy.
Now, think about Brazil and Argentina talking about a new currency. There are a series of things within that, which, when you sit back, you get the insight that it is interesting as to where things are. We need to consider these developments and adjust our frameworks as we move forward. In an interconnected world, we must appreciate the interlinkages and what it means to us: without which, risk assessment and preparedness is incomplete.
A state of flux
Uncertainty is now a forever problem. Everything is in a state of flux, all the time: diplomacy, politics, money markets, business. You cannot point to a place and say this is where it is going. But the implications are that it is difficult to see where the moving parts are coming from.
You have to see it through the lens of a crisis. In a military operation, where it requires a helicopter to evacuate people from a mountain by carrying double its capacity, we pull off the rate stops and give the chopper maximum power for take-off. As soon as possible, we put back the rate stops to bring it to a steady state.
That is where the discussion on cyber security is relevant. The need for crisis management may have gone but the trouble will remain forever. You have already put a lot of investments into hardware, software and technology, but it is time now to put the rate stops back and bring the organisation to a steady state. This is no time to take your eyes off the ball.
More importantly, there is a growing awareness across companies from the board to the entire workforce about the dangers and consequences of not being aware of cyber security.
The problem of uncertainty is not going away. It is a challenge for leaders to think more deeply about cyber security and listen more intently to everyone to ensure there is a state of shared resilience.
To watch Sir Graeme Lamb’s full session that evaluates the state of the nation, visit the 2023 ITC Cyber Summit on-demand page.