Cyber-Security in the 21st Century: Hunt or Be Hunted


Cyber-Security in the 21st Century: Hunt or Be HuntedThe CFA Institute Annual Conference is an unrivaled opportunity to access high-quality, unbiased educational content that equips investment professionals with the latest thinking on critical industry issues. The 71st CFA Institute Annual Conference will be held in Hong Kong on 13–16 May 2018.

Cyber-security expert Eric Cole likes to remind his audiences about an African proverb that, in his telling, goes something like this:

Every morning in Africa, an antelope wakes up.

It knows it must run faster than the fastest lion, or it will be killed.

Every morning, a lion wakes up.

It knows it must outrun the slowest antelope, or it will starve to death.

It doesn’t matter whether you are a lion or an antelope: When the sun comes up, you’d better be running.

“The Fable of the Lion and the Gazelle”

That’s because, in Cole’s view of the world and the threat of cyber-security risk, you are either hunting or being hunted.

“The adversary never sleeps,” Cole warned delegates at the 69th CFA Institute Annual Conference in Montréal. “If you have not detected an attack/compromise in the last six months, it is not because it is not happening. It is because you’re not looking in the right areas.”

When you look at changing technology, he added, there is nothing that is changing faster than cyber-security. “If you want to win in financial services, you have to go hunting.”

Cole spends a lot of his time hunting for cyber adversaries. He is chief scientist at Secure Anchor Consulting, which provides security services and expert witness work. He is also the author of several books, including Advanced Persistent Threat: Understanding the Danger and How to Protect Your Organization.

While it is ideal to prevent a cyber-attack, he said, detecting an imminent attack is a must. And just because all attacks cannot be prevented doesn’t means firms should give up trying.

Cole cited a shocking statistic: Insiders are responsible for 90% of security incidents, of which 29% are malicious — fraud/data theft, inappropriate access, disgruntled employees, etc. — and 71% are unintentional, including misuse of systems, log-in/log-out failures, cloud storage, etc.

He offered delegates five simple tips for being safe in a digital world:

  1. Do not open attachments.
  2. Do not click on web links.
  3. Do not store passwords within programs.
  4. Trust no one.
  5. Always verify email.

He should perhaps, though, have labeled the slide being “safer” in a digital world.

“Your cell phone is not a cell phone; it is a portable server,” Cole said. The only way to be safe in a digital world is “to go Amish.”

Cole’s presentation can be viewed below.

Receive updates about the conference by subscribing to the CFA Institute Annual Conference blog.

All posts are the opinion of the author. As such, they should not be construed as investment advice, nor do the opinions expressed necessarily reflect the views of CFA Institute or the author’s employer.

Image credit: ©

This entry was posted in News, Speakers and tagged . Bookmark the permalink.