University of Oxford Saïd Business School 25

Cyber security

Cyber-defence must be holistic

Fri, 1st September 2017

Published



Breaking down organisational silos is the only way to counter cyber-crime, says alumnus Dinos Kerigan-Kyrou.

In 2014 several of the countries that comprise NATO started to realise that cybersecurity attacks on business and industry were as much a security threat to the countries of NATO as anything posed by hostile militaries. Such cybersecurity threats can undermine the economic foundations of countries by destroying the companies that comprise their business community.

Cybercrime comes in many forms. 'Hacktivists' bombard companies and governments with coordinated attacks to bring down their websites. Ransomware locks down computer systems until a payment is made. And fraudulent online activity – targeting banks' customers and employees – costs vast amounts each year.

Even more worryingly, our critical infrastructure – including banks, our water supply, our electricity and fuel, our telecommunications, transport and health services – is becoming increasingly 'smart' and interconnected. This ‘Internet of Things’ makes everything from monitoring your heart rate to running a power station much more efficient and productive. But it also produces cybersecurity vulnerabilities for those who want to cause harm. The former US Secretary of Defense, Leon Panetta, has spoken of a future terrorist attack on critical infrastructure as a possible ‘Cyber Pearl Harbor’.

Of equal concern is the cyber theft of Intellectual Property, happening right now ‘on an industrial scale’, according to GCHQ’s National Cyber Security Centre. This has the potential to wreck multi-billion dollar enterprises, ruin hundreds of thousands of jobs, and even to crash entire economies. It is a particular concern of the United States which sees such IP theft undermining its economy and therefore its national security, and it's why the threat was highlighted by President Obama in 2015.

A corporation such as a pharmaceutical company may invest up to $15 billion in the development of a new drug. A company, individual, organised criminal, or even a country, can manipulate the victim's systems with a fake communication, known as a spear phishing email. Once the hostile actor is in the victim's system it aims to remain hidden. This is why IP theft is such a concern. There's no flashing monitor, no demand for a ransom payment: the goal is to hide and watch what's going on, stealing data, development, and critical information at will. Even worse, there is increasing evidence that criminals are manipulating data as well. Research for a new drug, or for a new car engine, is increasingly stored, not in a lab or workshop, but in ones and zeros. This data can be manipulated in subtle yet massively destructive ways. Small changes to the victim's data can destroy years, and billions of dollars’ worth, of research.

As NATO, law enforcement agencies, Oxford University’s own cyber security network, and many other organisations have stressed, the vast majority of cybersecurity breaches are caused by ‘people and process, not technology’. Modern cybersecurity fraud is far more about social engineering and deception than it is about a smart 'hacker' penetrating systems. And yet most businesses and organisations persist in leaving the protection of critical information and data solely to their technical departments.

Of course the technical jobs of patching, firewalls, updating virus checks, and penetration testing will always remain vital. But they are simply not enough. Security needs to be central to every single business decision and process by every employee. It's not only an IT issue – it's an every person, every department issue.

When I participated on the Oxford Strategic Leadership Programme (OSLP) in 2007 I was introduced to the ‘Generally Agreed Management Principles’ of Professor Leonard R. Sayles. Even back in the 1960s Professor Sayles was hugely critical of the classic, hierarchical company, arguing that silos and isolated departments can wreck business performance and potential. This is even more true today. The company or organisation that divides into silos, functions and sectors is potentially at great risk of a cybersecurity breach. Conversely, a company that is organised and behaves holistically, where every employee is responsible for the company as a whole rather than 'their' individual sector, is vastly more resilient and prepared.

OSLP also emphasised that leadership and development is about empowerment of employees and colleagues, encouraging them to take the lead and create solutions to problems themselves. One important security exercise, for example, is for an organisation to assume a breach has already occurred and encourage every single member of staff to identify anomalies.

Companies have to act holistically; they have to eliminate the idea of 'blame' or 'fault' for a cybersecurity breach and ensure that every employee is empowered, indeed rewarded, for identifying problems and anomalies at as early a stage as possible. If not, they are going to find it difficult, if not impossible, to address the new and ever developing cybersecurity risks they face.

Dinos Kerigan-Kyrou is an alumnus of the Oxford Strategic Leadership Programme.

