01 Nov Revenge of the Internet: Cyber Resilience in the Entertainment Industry [from the World Economic Forum]
Daniel Dobrygowski is Lead for Trust and Resilience, Future of Digital Economy and Society System Initiative, World Economic Forum. He delivered this keynote speech at DEG’s Fall Membership Meeting on October 3, 2017, in Los Angeles.
I’m not here to talk to you about standards or to scare you with cybersecurity horror stories. Rather, I’m here to talk to you about innovation and about opportunity and about a sustainable future for this industry. And what we need to do to get there.
You likely know that, when we talk about innovation, we are generally talking about digital innovation – the ability to take advantage of networks and computing to accomplish our goals. After all, this is the DIGITAL entertainment group, and not the let’s-keep-filming-on-flammable-cellulose-stock Entertainment group, which is meeting back in 1933, in case you’re in the wrong place.
Even though I’m pretty sure we all agree that innovation means digital and that’s our present and future, let me tell you a bit about how my organization looks at this. At the World Economic Forum, which is the international organization for public private cooperation, we try to help solve problems that are too big for any one company, government, or group of people to solve alone. And when we think about innovation, we describe what’s happening now as the Fourth Industrial Revolution – which brings a host of opportunities to create new and better business and social structures. But we need to solve a whole lot of new challenges in order to make that happen.
And cybersecurity (or cyber resilience, which is a better way to think about it), is one of those challenges. The way we solve for these common challenges is by convening the foremost experts on the topic, a subset of whom were kind enough to join us today, and try to figure out a solution, together – then we offer that up to the world as a public good – much like we’ve done with some recent principles on cyber resilience for corporate boards and CEOs. In the near future, this work will take place at our new Global Cybersecurity Center in Geneva as well.
Often, when I’m working with CEOs or ministers and executives on this sort of thing, I hear from them that they’re doing everything right. They’ll say, “I’ve got a team”, meaning that they’ve put a team in place and that “those guys” are handling security. This, of course, begs the question, “What, exactly, are ‘those guys’ doing?” and, too often, the answer is “I don’t know.”
And then they get hacked and wonder what happened.
So what went wrong? Our panel will discuss that a bit. But as a preview, I’ll tell you this: Saying, “our networks are fine and I don’t have to think about security because I’ve got a team” is like saying “my teeth are fine and I don’t have to brush because I’ve got a dentist.” No one would say that because we all understand that one good step isn’t enough to solve a continuing challenge.
So, yes, you’ve got a team – that’s great, you don’t need to be a cybersecurity expert to run an entertainment company, even a digital one, so you’re doing the right thing by building a security team, but it’s important not to confuse “the right thing” with “the only thing.”
Another analogy can help: When you make decisions about how to run your business or whether to engage in a new line of business, develop a new show or a new delivery channel, a company and an executive thinks about a lot of things besides content. In order to be successful, you also think about the cost, even in basic back-of-the-envelope terms even if you’re not an accountant and you have a finance team in place.
This is because, if you can’t pay for a movie, or show, or game, it won’t get made. That’s why you think about the financing along with the marketing, and the talent, and also all the content and creative aspects of a new program or approach. That’s leadership, knowing a little bit about all sorts of ancillary issues because you need to in order to deliver on what you promised to your customers and shareholders.
Cybersecurity is no different. Now that we’re all connected (we even use the word hyperconnected), making sure that you can communicate with each other and making sure that you can deliver what you promised to customers matters. So cybersecurity matters and you, the person in charge, the leader, needs to understand how to manage it.
Don’t worry, you don’t to become a computer scientist in order to take leadership here. But you do need to be able to understand how your technical teams will help you all achieve your goals – that might be by helping to keep IP like scripts secret until a show debuts or how to make sure that sensitive communications only go to the right person or that, when someone watches a video, all their personal and credit card information doesn’t leak out onto the web through your network. It’s a matter of meaningful cooperation between executives and technical experts.
This is part of the “cooperation” thing that the Forum is so good at – we develop ways to ensure that leaders, managers, and experts can have the right kinds of discussions, and exercise the right kind of oversight – we do this between governments and businesses too. We’ve found it’s all about using a common language.
So I will grant you that you’ve all assembled great teams. Your IT and security folks are, right now, doing the best they can. And that’s why I’m really glad that you’re here and you’ve asked us to come in and spend some time with you. Today, we are going to give you some insight into the things you should know, as a leader, about how you can get the most out of the teams you have put in place and how you can make sure that you’re doing what you need to do in terms of cyber resilience.
And this is why I like using “cyber resilience” rather than “cybersecurity’ – because if you’re resilient, you have a plan for before, during, and after a breach or other event – that’s what leadership looks like– having a plan and being resilient and it’s that resilience that builds trust, and that trust that will make your business efforts successful.