THOUGHTS🔛SECURITY
Global Information Security Issue
Is this a Call to Action? It should be — we are all paying for the consequences!

I have started a project that seemed to outgrow my skills and capabilities. While trying to find a solution, a thought crossed my mind:
‘This needs to get out and involve as many people as possible!’
First things first — I am not into that for the money, job, or material benefits. I believe I have spotted a global information security issue and need to involve as many as possible to start correcting such mistakes.
As described in my bio, I was fortunate enough to join a dynamic young team of creatives that run one of the largest crypto fintech organizations in the world, after they had experienced a massive breach.
I got a chance and enough time to identify and analyze some surprisingly interesting details/patterns.
More of those patterns combined were the reason behind the data breach of seismic proportions. Viewed from a higher perspective, all of those could be linked to information security basics.
Basics that everyone should have been aware of from the very beginning. Interestingly, when I recently checked the lists of this year’s data breaches, I found that those were full of startups.
Why? Because startups are ideal targets — they generate a lot of investments, resources, and personal data. On top of that, most of them lack the awareness of information security basics.
The first viewpoint — incubators
I contacted a startup incubator in the region to see how they support startups. They told me they offered an additional ‘information security’ package, but startups did not show any interest. I was surprised. I thought the role of business incubators was to provide critical support — not as options at additional cost.
At the same time, I was in the recruitment process with one of the largest European incubators. In an interview, I asked their CTO if there was a CISO in the incubator. While they have successfully supported more than 200 startups, I was the first one in that role. And that was for a specific FinTech project because of the mandatory requirement of the EU financial regulator.
Sweden was a constant target of hacking attacks at that time. I contacted various Scandinavian startup incubators and offered free help in exchange for first-hand feedback. From more than 30 incubators, I received two replies.
One was from an incubator sponsored by a local municipality — they confirmed that they have information security covered by the local municipality administration. The second was university-sponsored and was interested in hearing more from me.
I realized most European business incubators do not help startups with information security basics. They consider taxation, accounting, employment, business, and (some) even social media as critical topics. But not information security.
The second viewpoint — awareness
I spoke with the COO of the regional incubator, and he assured me that startups do not have the luxury to spend their scarce resources on topics of secondary importance. He was referring to ‘unmeasurable piles’ of time and finance.
I started to question both viewpoints — something was off. But I believe I have figured that one out. Many business managers do not distinguish between Information Security and IT security. The latter is just a part of the former and is associated with substantial financial investments in expensive IT equipment.

The fundamentals of Information Security do not require any (serious) financial investments. Most European government-sponsored cyber-crime fighting agencies offer a basic awareness training — for free.
But as business managers and mentors link information security to high costs, they leave it aside altogether. Forever! Until some unfortunate organization experiences a colossal hack and loses millions of euros and personal data.
At some point, the management analyzes the situation. The findings often suggest their product or service needs re-building — from scratch. Many years of work and development are to be flushed down the drain.
What is the root cause? A few small fundamental information security rules — that would have been easily fixable in the earlier phases.
I wrote about those patterns in one of my earlier articles, identifying two relevant business approaches: ‘Brutal self-reflection’, which companies should follow, and ‘Release first, fix later’, which should be dropped, or at least exercised with great care.
The third viewpoint — verification
I prepared a framework for the presentation and introduced it to the business development manager of that university-sponsored incubator. The business-oriented mentor was semi-interested. It took me two meetings to successfully explain it in his terms.
The result?
“We did not see that! Nobody is doing it. That is real and super important!”
“When can you prepare the presentation for our startups? Please do, or find someone who can!”
Here is a small problem — I cannot do it alone. The topic and the critical message are far too valuable to be presented by some unskilled amateur presenter.
I need to involve skilled professionals and government authorities to deliver the message. But the majority do not seem to be interested or understand my message.
Systems thinking perspective
Professionals fight and chase cyber-criminals all the time. It’s a never-ending story — extinguishing the same fires every day.
I have developed a theory about hackers not many colleagues share with me. It’s hard to describe, but systems thinking offers an interesting perspective.
The (eco)system supports all the subsystems or parts that help the (eco)system thrive. And hackers have been a part of the system from the beginning. They act as the corrective mechanism for the system forcing subsystems to optimize and improve.
The weak disintegrate, while the strong get a chance to correct and improve. It’s a natural selection. Many think that hackers drill holes in systems, but that is incorrect. All the holes are already there. Hackers only seek and point them out, punishing the superficials.
That brings me back to those two business approaches mentioned before. ‘Brutal self-reflection’ prevents and efficiently corrects the system’s faults. ‘Release first, fix later’ drills the most holes in systems.
And interestingly, the COO of that regional incubator explained that I failed to understand the importance and impact of both approaches. The first is too obstructive for creativity, and the second is vital to outrun the competition.
I believe that largely depends on the viewpoint and broadness of one’s perspectives.
Anyway, I believe this is much more important than being delivered as another soon-to-be-forgotten article on Medium. And I am in chronic need of some skilled help to put this out as effectively as possible.
I would very much appreciate your professional and personal opinion. Am I overreacting, or was that incubator manager right about this being super important? Have you, too, had enough of those strange foreign numbers annoying you repeatedly?






