Let's Get on the Same Page...
We Have Foundational Methods and Beliefs That Transform Your Security, and Can Transform Your Entire Company When Taken Seriously.
Cyberspace is a Domain of War
It might be absurd to picture someone running a lemonade stand in the middle of a firefight, but that is more or less what you are doing in cyber terms as a business owner. If no one has put it in those terms to you before, they should have by now. Both the Department of Defense (DoD) and the North Atlantic Treaty Organization (NATO) now officially recognize cyberspace as a domain of war, one comparable to the domains of air, land, and sea. This recognition is evidence that a Cybersecurity & Privacy Program is no longer a nice-to-have. It is now essential that every organization be able to protect itself from the many cyber threats that exist. Furthermore, recognition by the DoD that cyberspace is a domain of war signifies that cybersecurity should be treated as a form of combat, and thus governed by warfighting doctrine.
Marine Corps Doctrine
The United States Marine Corps (USMC) organizes its forces into self-contained Marine Expeditionary Units (MEUs) that are capable of responding almost immediately to nearly any form of crisis. MEUs carry everything required to conduct missions in almost every environment and can remain in operation for extended periods before requiring outside support. In essence, USMC MEUs have everything needed and nothing more, which affords them an extraordinary amount of agility, flexibility, and effectiveness. This ‘everything you need and nothing you don’t’ approach has influenced Highground Cyber’s development of solutions and the delivery of services to small and midmarket businesses needing cost-effective answers to the complex issue of Cybersecurity & Privacy.
The OODA-Loop
The Observation, Orientation, Decision, and Action (OODA) loop is an iterative decision-making model, developed by Air Force Colonel John Boyd, that enables individuals or groups to quickly identify and appropriately react to both internal and external factors in order to overcome obstacles and eliminate threats. In the context of combat operations, whoever can progress through the steps of this loop the fastest is most likely to come out the victor. This is an essential concept for cybersecurity, as threat actors, the combatants with whom you wage an endless war, begin scanning for an exploitable vulnerability in your organization within eight to ten minutes of that vulnerability becoming common knowledge. In order to successfully thwart the efforts of these threat actors, you must observe, orient, decide, and act faster than they do.
Cybersecurity is Not an IT Problem
Many mistakenly believe that because cybersecurity is an inherently ‘technological issue’, responsibility for the implementation and management of a Cybersecurity & Privacy Program falls on the shoulders of the IT function. However, this is not the case. Cybersecurity & Privacy Programs require an understanding of governance, risk management, and compliance management, which are skill sets most IT functions simply do not have. Furthermore, effective Cybersecurity & Privacy Programs require the weight and oversight of executive-level authority. After all, non-compliance could result in significant reputational and/or financial losses for the organization and its leadership. Therefore, disciplinary action should be authorized and enforced through executive-approved organizational policy. The IT function cannot implement such policies by itself. Finally, the decentralization of information technologies in favor of cloud-based platforms means that the traditional IT function is unlikely to have jurisdictional authority over key technologies used by the organization. For example, the sales and/or marketing function may be responsible for managing a customer relationship management (CRM) platform that contains the personally identifiable information (PII) of customers. This CRM platform must therefore accord with the Cybersecurity & Privacy Program owing to the sensitive nature of the data it contains. However, because this CRM platform is managed by the sales and/or marketing function, the IT function may not be able to exercise any amount of control over the platform to ensure it complies with the Cybersecurity & Privacy Program.