Global cyber-protection is threatened by fragmentation of the industry in response to nations’ growing divergence and technology nationalism. There is another way; the cyber-security industry needs a global framework for trust and integrity that applies to everyone, says Anton Shingarev, head of CEO office at the cyber product company Kaspersky Lab.
The World Economic Forum’s Global Risk Report 2019 paints a bleak picture of the top threats facing our planet. Leading the list, and influencing everything that follows is the impact of growing divergence between nations. Ever more countries are seeking to establish national control over their affairs, economies, security and more. WEF’s analysis suggests the divisions are growing, and that such fragmentation and protectionism can create blind spots, undermine global stability, and limit the world’s capacity to respond effectively to global challenges. It is not hard to see how they affect our ability to tackle the global challenge of cyberthreats.
In a hyper-connected world, cyber-attackers ranging from state-backed cyber-espionage groups to common thieves can target almost anyone, from anywhere, spreading fear, uncertainty and doubt through cyberspace. The online world is being weaponised, and national governments want to protect their citizens as best they can. Some have chosen to do this by putting up barriers, restricting access for technology vendors from nations perceived as a potential threat: the balkanisation of cybersecurity. When it comes to a choice between fear and facts, fear seems to win every time. But it is worth asking: who is afraid and what are they afraid of? The answers may not be what governments expect.
Everyone is worried – really?
In mid-2018, we commissioned a multi-country survey to better understand what people really think about foreign organisations and their online security. The research was undertaken by an external agency and involved IT security professionals and consumers in the US, Germany, France, the UK, Italy and Spain.
Among other things, it turns out that the majority of people don’t fear ‘stranger danger’ anywhere near as much as their elected governments might think they do. In fact, over half of businesses (55 per cent) and two-thirds (66pc) of consumers we spoke to say their government should go with the company that offers the highest quality products and services, even if it is a foreign business. This figure rises to 8 in 10 for areas critical to national security. In other words, the quality of a company’s products and services matters significantly more than where it comes from.
Barriers
Allowing open access for vendors underpins competition, and competition powers innovation and performance. Evidence shows that most companies benefit significantly when there are others around them trying to do the same thing, only better. In cybersecurity that quickly translates into better protection for all. So if people don’t fear foreign cybersecurity firms as much as their elected governments think they do, and blocking such companies might actually damage national security in the long term, why are governments choosing this option?
Governments have an obligation to protect critical national infrastructure, the economy and everyday life. In cyberspace this means securing national frameworks against the risk of external attack, sabotage and cyber-espionage. One of the easiest things to do in such circumstances is to restrict or ban suppliers from countries they are concerned about. But people deserve – and want – to be able to choose the solution that best meets their needs. The only people to really benefit from restricted choice are the cyber attackers. Cyberthreats don’t see, let alone respect the boundaries nations put up, and to counter that security needs to be able to operate without borders too.
Cybersecurity companies, regardless of their country of origin are largely battling the same cyber-adversaries, and the industry has much to gain from being able to co-operate. No one company has a full 360 view of every new threat, but between them, security researchers from different organisations can better complete the picture.
