Every company in the world has added a service that will be forever needed, the cybersecurity costs. The internet has changed the way the world finds and uses information, however with all the good comes the possibly of negative or fraud on the internet. We all know the cybersecurity is needed, but do you really know what the companies that protect you do or how they think? A book called The Fifth Domain written by Richard A Clarke and Robert K Knake published by Penguin Press, NY, 2019 helps answers the questions.

The authors are well known by Fortune 500 companies as well as the Situation Room in the White House or are listened to by policy makers. The best strategy can be best summed up with a single work resilience.

The reality of the internet as we know and love it today does not lend itself completely to traditional national security approaches. Ultimately, what we want is to be able to ignore cyberattacks, to be able to slough them off and continue on with our business rather than being forced to escalate. We want to make our defenses so good, and our architectures so strong, that we do not care about whether we are being attacked most of the time because the attacks have no serious effects.

Cyber resilience must be built upon, rather than be seen as a replacement for sound security fundamentals. Resilience is about the ability to rapidly respond, return to a good state, manage bad outcomes, and learn from the incident so that the future incidents are less likely.

One of the people the authors interviewed was CISO Rogan Amin of the JPMorganChase who wrote papers for the International Conference on Information Warfare. The authors write the next time you think about JPMorgan, it is really a tech company that lends and invests money. The company has a workforce of 225,000 people and 50,000 are in the information technology field. (in comparison Facebook has 35,000 employees and Google has 60,000 people).

Often the cybersecurity as thought as catch and kill which means – reconnaissance – weaponization – delivery – exploitation – installation – command and control – actions. The offence always has the advantage because they know why they want to do itself the information. Do they want to copy the information – download the research and development? do they want to know the people? gain money? For the cyber security people they have to think like a hacker.

It is important to know the large cyber companies such as CrowdStrike and Palo Alto Networks share information about the latest information through Cyber Threat Alliance (CTA). Members share 4 million indicators a month.

The book discusses threats from outside the US – they are real. Often times organizations will expect to be compensated for the loss by insurance companies. However, some insurance will only insured if its act of war. This implies finding where the bad guys are based and what their motives are.

The book discusses policy questions for the government and how cybersecurity can be better for all.

One of the many ways you can personally protect yourself is to keep the limit on your credit cards low and do not answer all the information truthfully. Once in a while pick something that you will know but someone researching you will not know, a famous example is Citizen Kane and rosebud.

Linking to dividend paying stocks, one of the elements a dividend investor is looking for is recurring payments, we all know one way or another you need to pay for cybersecurity protection. Due to the recurring payments, that makes cybersecurity companies attractive, which one you pick is a matter of your homework. Recurring revenues to a profitable company is a good thing.

There are more questions than answers, till the next time – to raising questions.