Cyber criminals are ready. Are you?

“Nearly a third of CEOs list cyber security as the issue that has the biggest impact on their company today, yet only half feel prepared for a cyber-attack.”
KPMG Global CEO Outlook

It seems like each day brings news of yet another technological advance made by those in Silicon Valley and other entrepreneurial centers. Fueled by students attending school and undertaking other activities that sharpen their skillsets at the bleeding edge of technology, the cycle shows no signs of slowing. It is difficult for even those deep in the field to keep up and maintain protective barriers.

There are two sides to progress; for every student studying to earn an honest living, there is a cyber criminal counterpart, keeping current by hands-on ‘work’: attacking businesses, organizations, and governments. These cyber criminals have honed their criminal models and attack to extract money from organizations through ransomware, theft of valuable information, and blackmail that threaten a denial of service or complete shutdown of an organization’s system. 

Unfortunately, these same criminals have seized opportunities the COVID-19 pandemic has presented, growing the threat of a cyber attack exponentially in recent months. FBI Deputy Assistant Director Tony Ugoretz notes a huge uptick in cybercrime reports since the pandemic’s start that translates into four times the attack rate than pre-virus.

If your organization is struggling to keep pace and it seems like “my organization against the world of evil hackers" you might not be too far off base. Each time the honest world thinks it's winning the race, along come faster hackers. A lot more of them. Faced with this ever-increasing menace, those of us in the Cyber Security world have an increased awareness of ‘vulnerability’ and ‘consequence’. Standard protocols such as putting a firewall in place, validating passwords, and monitoring the network just scratch the surface.

“A tremendous amount of activity does not necessarily equal progress.

- Dean Lane, SVP The Institute of World Politics

Today’s environment requires a more holistic approach to ensure dwell time is virtually zero. Not only must our workforce be aware and prepared, but we must also understand who is attacking us, what they are after, and what are their motives. The saying, “know thy enemy” has never held more true!

Leaving your system vulnerable while you study your attackers is ill advised. This is why the very first step in enhancing your organization’s Cyber Security armor is always to assess your current position. It may be tempting to buy technology (whether hardware or software) to solve the problem, but you really won’t know what technology will truly satisfy your need without a proper assessment.

Our Cyber Intelligence Seminars cover these steps in greater detail, but in short your assessment should ask and answer the following tough questions:

  1. Is the technology group properly structured?
  2. Do we have the right people with the right skill set?
  3. Have we created an intellectual property hierarchy that defines what is most important to protect?

Many suggest that this assessment is so that you can identify the gaps. However, I believe this is the equivalent of zero-based budgeting in finance.

As you dive deeper into your assessment, you’ll find yourself asking more questions about the attackers themselves. Developing a profile in connection with your assessment will help you understand what you’ll need to implement to protect your program. These questions may seem basic, but having these answers will complete your assessment:

  • Who are the attackers?
  • Where do the most vulnerabilities exist?
  • When is an attack anticipated?
  • Why are they targeting your organization?
  • What is your plan if an incident occurs?

Remember, cyber attackers are well organized and have no other mission than to disrupt and infiltrate your system.  To stay in the race and ahead of the criminals, organizations need to bring the same focus and approach to cyber threats as they take to their business competitors and other opponents.