Where to begin? Start with the fundamental assertion that we are at war, a cyber war. The topic is expansive and seems to become more inclusive every day as the word “cyber” enters almost every aspect of our lives. “Cyber” is becoming so familiar to us now that we passively accept anything associated with it. We don't always appreciate that, but it is true, and it becomes truer with every new day and Internet-enabled device. We don't see all of these devices, either. From laptops and smartphones and tablets to automobiles to refrigerators, cockpits, and smart homes, we are connected. The utilities that power our inventions and domiciles are connected. Hospitals are connected. Retail stores, insurance companies, defense contractors, automobile manufacturers are connected, too, as are chemical manufacturers, agriculture, and government. It seems like everyone is connected to everything, and all is connected to or by the Internet.

And that's great—or so it seems. But the bad actors of the world, from organized criminals to narcotics traffickers to identity thieves to traffickers of humans, sex, illegal arms, and even weapons of mass destruction, have also found a cyber stage upon which to perform.

This book is about three defined issues. First is the cyber threat. Growing worse by the day, it is omnipresent, diversified, giving the word “cyber” a bad reputation. Cyber love, cyber kindness, cyber humility, cyber goodness, cyber cheer—these terms are vastly outgunned by other cyber-ish terms. Cyber war, cyber terror, cyber bullying, cyber fraud, cyber spying, cyber crime come to mind.

Second is the notion of vulnerability. What makes us vulnerable, and what increases this vulnerability? Things like social media contribute to this state of vulnerability. So does mobility, a culture of information on demand, anywhere, anytime, and on any device. It seems the more information-rich and information-device diverse we become, the more vulnerable we become. Somewhat insidiously, the more vulnerable we become, the less we may realize it. Why? Because we are so intimately familiar with all things cyber. Cyber haunts the backstory of most everything we do. It is invisible. Only its symbols are seemingly magically visible. Its commonness instills if not a sense of trust, then one of virtual indifference. As with a colorful toy, we are mesmerized with cyber things, even if the word is never uttered. Games, maps, menus, books, movies, lectures, newspapers, magazines, and just about everything else is digital.

The third undertaking is what enterprises can do to help offset the threats by addressing vulnerabilities. Interestingly enough, governments are trying to reduce the threats through public policy, regulation, security guidelines, and frameworks. However, there is no escaping the fact that every organization must face these issues, with or without input and insight from the government. These are not assignable risks. This book examines some of the things organizations, from government to public and private enterprises, should do to prepare for what many consider to be an inevitable breach. No organization is helpless. Far from it. The issue isn't that there's nothing to do, that we're totally defenseless. It's more that the synaptic charges that are supposed to get through to the boards lose thrust and intensity along the way.

Ralph Waldo Emerson once wrote that nothing great ever happens without enthusiasm. One of the great things that can be done in the face of the powerful cyber threat is simply to accept it, confront it head-on, and commit to managing the risks it conveys. There is an opportunity to generate enthusiasm about managing the cyber threat, about mitigating the risks it poses.

Divided into three parts, this book conveys the message that “security” and “technology” are two words that every board director must embrace, because these two words result in two other words that the board understands all too well: “risk impact.” Part I examines the cyber threat in its many forms. Part II takes a look at the vulnerabilities common to companies, while Part III provides strategies for more effectively controlling the risks associated with cyber attacks.

This book hopes to instill that enthusiasm by discussing the threat, examining the vulnerabilities, and embracing change that leads to more resilience and resistance to the threat. But one thing is certain: Cyber crime is like any other crime. It isn't going away. Just the opposite seems true. And a cyber war defines war. No war in the future will take place without this dimension. We live in a digital universe, for better or worse. Make no mistake. We need to manage the cyber element of our universe so that it does not manage us. The greatest risk is in failing to meet this threat.