Cybersecurity: Strategies and Techniques
Data and network security spending is rarely at the top of any business purchaser’s list of items to buy. It doesn’t improve productivity, it doesn’t add to the bottom line, so they settle on the least they can get by with. Feeding into this complacency are several misconceptions:
- That hack attacks are targeted: “Why would someone go after me?” (Truth: sometimes they are but most often they are not, instead it's just a matter of who got caught in the hacker's net.)
- That the data would be of no use to anyone else: “I don’t have any secrets / What could a hacker possibly do with data on my computer?” (Truth: It's not just your data, but also the data of other entities you have access to — smaller businesses can be used as stepping stones to larger ones.)
- That if something happens, someone out there will fix it. (Truth: Antimalware programs do not catch everything and it is the victim who bears the brunt of the costs of investigating and cleaning up after a breach.)
- "We already follow our industry standards." (Truth: There are no cybersecurity standards, just recommendations, and the "industry standards" can quickly become out of date, given the rate of change in hacker's techniques and attack vectors.)
It is precisely this mindset that hackers exploit. US businesses leapt into the Internet age, embraced its technology for exchanging information and increasing efficiencies, but gave little thought to its vulnerabilities. This type of approach is akin to engaging in a dangerous sport or activity, all the while convincing oneself that there is nothing nothing to be concerned about.
Still think you have nothing to be concerned about? Consider this: hack attacks have been increasing exponentially, with attacks targeting SMBs rising 61% in 2013. Worse, of those small businesses breached, 60% closed their doors within six months of the event. Even before today's polymorphic malware programs, state-sponsored hackers and darkweb clearinghouses for zero-day exploits and software vulnerabilities, the consensus among cybersecurity professionals has been that breaches are a matter of when, not if. In today's internet threat environment, ignorance is not bliss and you cannot hide in the crowd. It may not come today, it may not come tomorrow, but soon....
Are you prepared?