مقاله سال ۲۰۱۶

‘Cyber peace’ to me would be an entire weekend without my Blackberry going off. — Kroll Advisory Solutions Managing Director Michael DuBose (2011) Remember the good old days of the roaring late 1990s? U.S. GDP growth was humming along at almost 5%, Cher’s Believe was topping the charts, no one was glued to smartphones–—if one even had a cell phone it was likely a Nokia featuring picture messaging for the first time–—and cyber-attacks were still something done mostly by teenage hackers with too much time on their hands. My, how times change. The world in 2015 is a much more complicated place–—the number of Angry Birds iterations alone boggles the mind–—and the issue of cybersecurity has become especially problematic for managers, so much so that some firms are going back to a time before the late 1990s and are reintroducing typewriters to better protect their consumers and invaluable intellectual property (Lyons, 2014). In an era when smartphones can be turned into microphones for purposes of eavesdropping even when they are turned off, the dangers of cybersecurity illiteracy and the necessity of building a global culture of cybersecurity are self-evident (Bucktin, 2014). But defining and promoting the cause of cyber peace is easier said than done with many managers left unsure about where to put that next dollar of investment (e.g., deciding whether to go with biometrics or an employee cyber hygiene.

education), how to reorganize to better mitigate the risk of cyber-attacks, and what to do when things go wrong. Although it is beyond the scope of this brief article to answer all of these questions, a range of cybersecurity best practices are discussed along with how they fit together to promote the cause of cyber peace.

Indeed, rarely does a day seem to go by without another front page story about a firm being breached by cyber-attackers. Even experts in the field are far from immune from the unsustainable status quo. For example, Jim Lewis of the Center for Strategic and International Studies has said: ‘‘We have a faith-based approach [to cybersecurity], in that we pray every night nothing bad will happen’’ (Dilanian, 2010). This is a difficult starting point to consider an appropriate end game. Still, it is something that firms must do since infinite investment does not breed infinite security. This article takes lessons from the burgeoning field of cyber peace studies and applies them to private sector cyber risk mitigation strategies. It is structured as follows: First, cyber peace itself is defined in the context of how businesses can promote peace generally, and then how that goal can be attained by working together. Next, a range of proactive cybersecurity best practices is discussed before finally considering the global cybersecurity legal environment. With managers and even members of the C-suite looking over their shoulder after a breach, who wouldn’t welcome some peace of mind?