‘Data’ is widely regarded as the most valuable asset today, especially in business contexts. In our electronic age, data means everything that is digitally available—documents, write-ups, statistics, contracts, videos, audio files, images, and even encrypted files. By analysing data, organizations can solve problems, overcome obstacles, and push past limitations to grow. This applies to every industry including healthcare, finance, technology, retail, manufacturing, as well as to non-business fields like governance and science.
As data is a key to an organization’s success, it’s vital to safeguard it because its lucrative nature attracts cybercrime. Over the past few decades, the instances of cybercrime have been accelerating because we are increasingly relying on the internet. As we perform almost all high-value financial transactions and manage sensitive, privileged, or personal information online today, cybercrime is a severe threat to modern businesses.
To clarify: Frauds, identity or intellectual property thefts, data breaches, facilitating human trafficking, promoting child pornography, publicising classified national or business trade secrets, and other illegal acts committed through computers are recognized as cybercrime. For instance, Sony’s PlayStation Network outage in 2011 affected about 77 million users. All their personal information was stolen and although the service was shut down for just 24 days, it cost Sony $171 million to clean-up and to repair their activities. Another example: Social networking leader Facebook has been the victim of several extremely expensive data breaches over the years, as the personal data of millions of users had been exposed, stolen, or misused, each time.
Once an organization’s data is attacked, its leaders face hefty clean-up costs, losing customers’ trust and declining value in the market. In fact, the costs to clean up, to restore data integrity and to resume routine activities after attacks globally total about $ 500 billion per year. So, along with anticipating threats, organizations must take the initiative to secure their online activities effectively and develop resiliency against the threat of cybercrime. But how do they do this? Where can they begin?
Dr. Craig Horne, specializing in digital information security, has dedicated almost his entire professional life to cybersecurity. Through his own cybersecurity firm, he has taken up the responsibility to guide organizations forward in the right direction. In fact, he is an authority in the field today. He’s highly educated in computer science, especially cybersecurity and in his career, he has held over 15 various technical roles within the information and communication technology (ICT) industry—collecting over 25 years of experience. He has also served in the military for over 14 years, facilitating safe communications on some of the most hostile places on Earth. He’s also the national vice president at Australian Computer Society, an Australian professional association that connects about 45,000 ICT professionals.
Understanding the Threat of Cybercrime and the Practical Solution Today
Dr. Horne is the managing director at Informational Risk Pty Ltd., the world’s first cybersecurity platform that gives any organization an assessment on their security measures. It also gives them tools to guide their improvement, from recommending the best suppliers to crafting strategies. It’s the culmination of his decades of studies and immersion in ICT and cybersecurity.
Dr. Horne has developed a working knowledge of establishing effective cybersecurity measures, for all modern organizational endeavours. More importantly, he has a clear understanding of the critical role that human beings need to perform to put these measures in place. The fundamental logic is always that while an attack is initiated by the criminal, an organization’s leaders must invest in cybersecurity measures in the first place.
“The international standard for the governance of information security states that organisational leaders are accountable for overseeing efforts made towards information security within the organisation. They can share responsibility for this with other executives and managers but ultimately, they are accountable for setting strategy, properly funding information security efforts as well as ensuring that all the necessary initiatives have been conducted to prepare the organisation for a possible information security attack,” Dr. Horne states.
So, when a business leader wants to establish a resilient organization, with a secure exchange of transactions or information online and overcome the threat of cybercrime, he or she must invest in cybersecurity. But unfortunately, most organizations are practically disadvantaged today due to three reasons. First, there is no commonly accepted guidance available to help organizations to construct adequate security measures because each business is unique, with its own needs, challenges, and unique circumstances. Second, most leaders do not have a clear or actionable understanding of setting up security strategies in place. Third, cybersecurity resources and expertise are not easily available to small and medium-sized organizations, in contrast to large organizations with big budgets.
“I interviewed 25 security leaders in the largest private and public organisations in Australia, to understand best practice for how they secure their organisation’s information. I examined the academic literature on information security strategy. Finally, I put together a website that draws all these lessons together and makes this knowledge available to smaller organisations through an online platform, which has the benefits of scale and scope,” Dr. Horne explains.
Informational Risk: A Guide to Constructing Effective Cybersecurity
“Informational Risk gives organisational decision makers guidance for the strategic-level protection of information, giving direction for the selection of technical infrastructure, which has been a gap in guidance to date,” Dr. Horne introduces the service.
By taking up a self-assessment through an online questionnaire, clients can understand their organization’s strengths and weaknesses. Its detailed reporting graphically records the key points and this way, clients can better understand their own security posture. They have the option to further improve their security posture through its marketplace portal that connects them to the best suppliers for their products or services.
Embracing Lessons and Values Taught by Life Experiences
Thus far, although Dr. Horne has been professionally successful and quite accomplished, the journey hasn’t been easy. He has learnt from his failures, life’s harsh realities and through it all, he has internalized the importance of five values: Perseverance, independence, altruism, focus and curiosity.
“The most recent challenge in my career has been completing a PhD part-time whilst working full-time. Whilst working 40 hours per week, I also had to study 20 hours per week. I was also the Chair of the Victorian branch of the Australian Computer Society, which was also taking up 20 hours per week. On top of all this, I had two small children and wanted to be an active part of their lives. This went on for years and was hard work,” Dr. Horne shares.
Outside of work, Dr. Horne has also picked up the great importance of consistent planning and hard work to succeed at challenges that may seem demanding or overwhelming. These include some of his non-professional achievements: Completing a PhD in his 40’s, kayaking 350 km for charity and running a marathon.
Guiding Organizations towards Proactive and Effective Cybersecurity
Through varied life experiences as well as decades of service and immersion in cybersecurity, Dr. Horne brings a wealth of knowledge and practical know-how to organizations in need of special guidance. In essence, his firm endeavours to strengthen an organization’s security holistically, addressing higher issues like security policy, security culture, and technological tools or controls. It’s a success because it proactively guides an organization’s human element at the centre of its defence strategy.
Dr. Horne’s personal conception of success is the number of cyberattacks decreasing and businesses being affected less and less by attacks. “Success to me would be organisations using Informational Risk to understand where their information security strengths and weaknesses are and improving it over time to reduce the number and impact of security attacks,” he adds. Regarding the future, Dr. Horne looks forward to sharing ideas on improving cybersecurity with other business leaders. He is also investing in his firm’s growth, especially foreign expansion. “I would like to expand internationally to onboard security vendors from Europe and the US into the marketplace. This would allow global customers to access their local products and services, once they have conducted assessments of their security posture,” he sums up by sharing his vision.