Hal Gregersen. PHOTO: Cybercrime Magazine.

The Kinds Of Questions We Should Ask When Cybercrime Is On The Rise

Hal Gregersen’s Book “Questions are the Answer” Explores A New Way To Disrupt The Status Quo in Cyber

Georgia Reid

Northport, N.Y. – Feb. 7, 2019

What if you could unlock a better answer to the worst problem in your job as a cybersecurity professional, just by changing the question? The idea of asking questions to solve problems is more than just a philosophy; it is a practical method explained in Hal Gregersen’s new book, “Questions are the Answer: A Breakthrough Approach to Your Most Vexing Problems at Work and in Life.” Gregersen is the executive director of the MIT Leadership Center and an inspirational speaker. His most recent work aims to disrupt the status quo in business and personal lives by encouraging more wondering, more exploring, and more questioning.

The history of technology, innovation, and cybersecurity is rooted in curiosity and asking questions. The term “hacking” immediately comes to mind, a word that sometimes bears a negative connotation, but the true definition of which means figuring out a new method by modifying a function, or disrupting a technology. The modern definition of the word “hack” was first coined at MIT in April 1955. It gained more traction in the1960s at MIT’s Tech Model Railroad Club, when, according to one Tripwire article, members “hacked their high-tech train sets to modify their functions.” Hacking was soon applied to early computers at MIT in 1963 — you can see the original article about it here.

Since the early days of technology and model train tinkering, hacking has taken on a much more critical role in society. It would lead to the development of modern technology as we know it. In the 1970s, phone hacking exposed vulnerabilities in the call routing system. Steve Jobs and Steve Wozniak were actually phone hackers, and by asking questions about how they could hack various systems, perhaps they were developing curious minds that would be soon able to solve some of the biggest questions about computer technology in history.

Fast forward through the computer age of the 1980s-2010s, to the information age that we know today. Steve Jobs created Apple. Kevin Mitnick hung up his black hat and has since founded two cybersecurity companies (Mitnick Security and KnowBe4). John McAfee has moved beyond anti-virus software to investing in cryptocurrency. Moreover, cybersecurity is more needed than ever before. With a plethora of cybercriminals, hacktivists, and malware for sale on the dark web, cybercrime is growing at an exponential rate. Here are some facts as reported by Cisco and Cybersecurity Ventures in the 2019 Cybersecurity Almanac:

  • Advances in technology are the primary driver for economic growth but have also led to a higher incidence of cyber attacks
  • Ransomware damage costs are predicted to be 57X more in 2021 than they were in 2015
  • Cryptojacking is illegally mining cryptocurrencies, and it’s gaining ground on ransomware as a favorite revenue stream for cybercriminals
  • The digital attack surface is expanding . . . There are many digitally connected “things” that it’s outpacing our ability to secure them properly
  • Humans are at risk. Like street crime, which historically grew with population growth, we are witnessing a similar evolution of cybercrime
  • Hospitals are more vulnerable than any other type of organization in 2019

Cybercrime has hit the U.S. so hard that a supervisory special agent with the Federal Bureau of Investigation who investigates cyber intrusions told The Wall Street Journal that “every American citizen should expect that all of their data has been stolen and is now on the dark web.” Protecting citizens, hospital patients, data, healthcare records, bank accounts, and businesses is the burden we all have upon us at this time. I talk to many Chief Information Security Officers about how they are solving the cybersecurity problem. In his book, Gregersen adds to the dialogue by suggesting an innovative method to try.  

According to Gregersen, it is time to return to a childlike wonder at the world and to disrupt the status quo. Gregersen has spent thousands of hours interviewing creative people and problem solvers. He wrote his book to help readers “discover things so true and important that they deserve tens of thousands of words and hours of a reader’s time to explore,” and to provide a catalyst to a change in how we solve our problems. So, how can we apply this to cybersecurity? We have many challenges to address.

Here is a video interview I conducted with Gregersen, in which we discuss his background and his approach to problem-solving, including a Question Burst™  about Ransomware:

Gregersen, a man who is “fascinated by issues of leadership and innovation in organizations,” has set out to provide leaders and executives with a fresh approach to achieving insight. He demonstrates, through various stories and examples, that questions can reveal new opportunities and yield breakthrough ideas, something that we certainly need in the cybersecurity industry. The book is written in a familiar first-person narrative. The reader is like a kindred spirit on an adventure, from the peak of Mount Everest to a petting zoo in downtown Las Vegas. On every page, readers will be able to find a new story or example of exploration and innovation, from family vacations to the methods of a successful Fortune 100 CEO.

One story that stands out is about the “power of wrongness.” Gregersen writes about Walter Bettinger, the CEO of Charles Schwab, and states he is “one of the most deliberate CEOs I have ever met when it comes to entertaining doubt and inviting fresh questions.” According to Gregersen, Bettinger’s success is due to his ability to make quality decisions. Bettinger asks many questions and goes so far as to require “brutally honest reports” from the people who work directly for him. He “checks in with different vantage points” and depends on others to educate him about what is going on. He even invites his employees to email him or phone him with issues. All of this points to one of Gregersen’s main points in his book — if you hole up in a comfortable bubble or echo chamber, it will do much more harm than good. Get uncomfortable, allow for some vulnerableness, and seek the truth by exploring more.

Lior Div, co-founder and CEO of Cybersreason, is another inquisitive leader who is featured in Gergersen’s book. He is a CEO “who spends much time assuming there is something he is missing,” which is probably a good way to approach cybersecurity. According to Div, we shouldn’t just ask “how can we keep the bad guys out.” Div says the bad guys are already in our systems, and we need new ways to approach the problem. The problem is growing so exponentially that we are now utilizing machine learning and artificial intelligence to combat threats.

I recommend that any leader or innovator in the cybersecurity space read Gregersen’s book.  The challenge we face is huge, but it is not insurmountable if we come together and listen to one another.  Indeed, asking the right kinds of questions is necessary whenever innovation takes place.  Let’s reach inside ourselves and develop our intellectual curiosity and childlike wonder at the world.  Maybe the next best thing to happen in cybsersecurity will be the answer to our questions. 

Georgia Reid