What makes an asset interesting for cyber attackers? This question may seem appropriate, but there is another, more relevant, to ask. Is it possible to lose a part of your assets through a cyber attack?
HERMENEUT identified the concept of the domain of existence. If an asset exists totally or partially in the cyber domain, it could be attacked. Hence, it must be considered as a part of the cyber risk estimations. The domain of existence is the “realm” where the asset is recognized as such, and where its value is defined. Realms of existence may be, for example, the real world, social networks, the IT domain, word of mouth, etc. If an asset “exists” only outside the cyber world, it cannot easily be attacked by cybercriminals. As an example, we can consider the same asset, like the reputation, for a traditional foundry or an IT company.
Bringing from the marketing literature the concept of brand ecosystem, we can identify the domain of existence as the application domain where the asset ecosystem exists. The correct estimation of the cyber risks hence passes, first of all, through the mapping of the assets and their domains of existence.
Realms of existence in the new digital world
This discussion is becoming crucial, especially as a consequence of the proliferation of digital-physical interfaces (e.g., industry 4.0). For these reasons, the International Organization for Standardization (ISO) released a new “Technical Report” not long ago. The ISO dedicated this new report to the Safety of Machinery. Interestingly, this publication confirms that some purely tangible assets should be considered in cyber strategies, and that what makes an asset interesting for cyber criminals is its domain of existence: if it’s cyber, it could be attacked, whatever the asset is.
Click to know more about the report: ISO / TR 22100-4: 2018, Safety of Machinery – Relationship with ISO 12100 – Part 4: Guidance to machinery manufacturers for consideration of related security (cybersecurity) aspects.