Business Development Manager
It’s been said that we live in a dangerous world, and it’s easy to find plenty of examples of potential risks. That said, it’s often difficult to quantity just how big a risk actually is.
Cybersecurity is a perfect example of this. Cyber makes for great entertainment when fictionalized; think “The Imitation Game,” the re-telling of the life of Alan Turing, who was a master mathematician and the decoder of Enigma, the German encryption system. At the same time, more than almost any other industry, it’s the source of a constant drum-beat of vaguely quantified threats that “everyone is being hacked all the time.” We’ve heard these warnings for years. Has something changed?
The answer seems to be an emphatic “YES.”
While many of the traditional security threats remain, there is a new level of energy and purpose behind the attacks reported in the past year. In the early years of IT security, the focus was on maintaining a safe perimeter through the use of network firewalls from companies like Checkpoint, and defending against Distributed Denial of Service attacks that, because of their ability to temporarily take websites off-line, were more of a nuisance than a serious threat.
As mobile endpoints like PCs and smartphones became more capable, they created more vulnerabilities, and the threats evolved to exploit them. Security organizations responded with more robust “defense in depth” strategies, eventually parodied as “expense in depth.”
But the cyber-threats we’re seeing now are different for three specific reasons.
1. Many of the attacks have gone from nuisance to straight-up crime. Your valuable assets, especially your private data and online capabilities are being targeted, and increasingly, held hostage.
Ransomware attacks, in which a hacker penetrates your key systems, encrypts your data and locks you out, are epidemic. Like most cyber threats, there is a certain criminal elegance to the approaches taken, but the defenses are almost always the same – good cyber-hygiene around password maintenance, admin permissions, and constant vigilance around phishing, network security and access. It’s also critical that any organization have an incident response plan in place that ensures data is mirrored and protected so that business can go on or recover, even in the event of a serious breach.
2.It’s no longer just about you, it’s about who you’re connected with and what they do. In reporting that was published in the Wall Street Journal, the U.S. Navy revealed that its supply chain is under “relentless attack.” In one case, a Navy contractor’s systems were breached in an attack attributed to Chinese hackers.
The target? Secret plans for a supersonic anti-ship missile designed to be used by American submarines. While core Department of Defense systems are constantly updated and monitored for such threats, smaller contractors and suppliers are now being viewed as the primary attack vector for those seeking to steal information about U.S. defense plans and capabilities. To be crystal clear, the primary attack points are small companies, not because of who they are, but because of who they know and do business with. Hackers enter, and eventually compromise, an entire supply chain by targeting the weakest link. Who’s liable for the loss? That remains to be seen, but it’s not going to be pretty.
3. The consequences are larger, more visible, and potentially catastrophic when it comes to online brands, or simply the ability to conduct business online. While we tend to think of cyber-crime as focused on IT assets like corporate computer systems and personal data such as social security numbers, banking information and passwords, cyber-criminals are now also targeting operational systems like elevators, climate control and other systems that are now networked. State and local government online assets are also at risk. In one well-publicized event in March of 2018, the city of Atlanta was crippled by ransomware. Court dates were cancelled, residents couldn’t pay water bills or taxes, and years of data were lost. The hackers demanded a payment of $51,000. City government said “NO” and ended up spending an estimated $17M to deal with the consequences of the attack.
What can you do about it? Well, if you are located in northern Virginia, the first thing you should do is to sign up for and attend our seminar on “Cybersecurity Best Practices for Small Business,” scheduled for Thursday, May 9 at 5:30 p.m. at Old Ox Brewery in Ashburn. Guest speakers are Sindi Major Martinez, CEO of the CEM Solutions Group, and a specialist in cybersecurity for small and medium businesses, and Tim Reichert, CEO of Energy Sherlock, and an expert in aspects of physical security that you may not have considered.
It’s a great opportunity to begin to develop the cyber plan for your small business and to network with other like-minded professionals. Hope to see you there!